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(54) Message and communication system in network 



(57) A Message and communication system in a 
coupled data network is disclosed. The coupled data 
network includes a foreign network and a home network. 
The foreign network includes a foreign base station with 
a foreign access hub, the foreign access hub including 
a first sen/ing inter-working function. The home network 
includes a first home inter-working function. A first mo- 



bile end system is a subscriber to the home network and 
operates within the foreign network. A first message is 
transportable between the first mobile end system and 
a first communications server through the first home in- 
ter-working function and through the first sen/ing inter- 
wprking function of the foreign access hub in the foreign 
base station. 
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Description 

RACKGROUND OF THE INVENTION 

5 [0001] PrioritybenefitoftheC>ctober14J997filingdat90f provision^ 
claimed. 

Field of the Invention 

10 [0002] The presenl system relates to a coupled data network, and more particularly toa message and communication 
system in the coupled data network. 



Description Of Related Art 

IS [0003] FIG. 1 depicts three business entities, whose equipment, working together typically provide remote internet 
access to user computers 2 through user modems 4. User computers 2 and modems 4 constitute end systems. 
[0004] The first business entity is the telephone company (telco) that owns and operates the dial-up plain old tele- 
phone system (POTS) or integrated services data network (ISDN) network. The telco provides the media in the form 
of public switched telephone network (PSTN) 6 over which bits (or packets) can flow between users and the other two 

20 business entities. 

[0005] The second business entity is the internet service provider (ISP). The ISP deploys and manages one or more 
points of presence (POPs) 8 in its service area to which end users connect for network service. An ISP typically es- 
tablishes a POP in each major local calling area in which the ISP expects to subscribe customers. The POP converts 
message traffic from the PSTN run by the telco into a digital form to be carried over intranet backbone 10 owned by 
25 the ISP or leased from an intranet backbone provider like MCt. Inc. An ISP typically leases fractional or full T1 lines or 
fractional or full T3 lines from the telco for connectivity to the PSTN. The POPs and the ISP's data center 14 are 
connected together over the intranet backbone through router 1 2A. The data center houses the ISP's web servers, 
mail senders, accounting and registration sen/ers. enabling the ISP to provide web content, e-mail and web hosting 
services to end users. Future value added services may be added by deploying additional types of servers in the data 
30 center The ISP also maintains router 1 2A to connect to public internet backbone 20. In the current model for remote 
access end users have sen/ice relationships with their telco and their ISP and usually get separate bills from both. 
End users access the ISP. and through the ISP, public internet 20, by dialing the nearest POP and running a commu- 
nication protocol known as the Internet Engineering Task Force (IETF) point-to-point protocol (PPP). 
[0006] The third business entity is the private corporation which owns and operates its own private intranet 1 Sthrough 
35 router 12B for business reasons. Corporate employees may access corporate network 18 (e.g., from home or while 
on the road) by making POTS/ISDN calls to corporate remote access server 16 and running the IETF PPP protocol. 
For corporate access, end users only pay for the cost of connecting to corporate remote access server 1 6. The ISP is 
not involved. The private corporation maintains router 12B to connect an end user to either corporate intranet 18 or 
public internet 20 or both. . » ,u - ^ 

40 [0007] End users pay the telco for the cost of making phone calls and for the cost of a phone line into their home. 
End users also pay the ISP for accessing the ISP's network and sen/ices. The present system will benefit wireless 
service providers like Sprint PCS, PrimeCo. etc. and benefit internet sen/ice providers like AOU AT&T Worldnet, etc. 
[0008] Today, internet service providers offer internet access services, web content services, e-mail sen/ices, content 
hosting services and roaming to end users. Because of low margins and no scope of doing market segmentation based 
45 on features and price. ISPs are looking for value added services to improve margins. In the short temn, equipment 
vendors will be able to offer solufions to ISPs to enable them to offer faster access, virtual private networking (which 
is the ability to use public networks securely as private networks and to connect to intranets), roarning consortiums, 
push technologies and quality of service. In the longer lerm. voice over internet and mobility will also be offered. ISPs 
will use these value added services to escape from the low margin straitjacket. Many of these value added services 
so fall in the category of network services and can be offered only through the network infrastructure equipment. Others 
fall in the category of application services which require support from the network infrastructure, while others do not 
require any support from the network infrastructure. Sen/ices like faster access, virtual private networking, roaming, 
mobility voice, quality of service, quality of service based accounting all need enhanced network infrastructure. The 
system 'described here will either directly provide these enhanced services or provkle hooks so that these services 
55 can be added later as future enhancements. Wireless service providers will be.able to capture a larger share of the 
revenue stream The ISP will be able to offer more senrices and with better market segmentation. 
[0009] According to one aspect of the invention there is provided a coupled data network comprising: a foreign 
network that includes a foreign base station with a foreign access hub, the foreign access hub including a first serving 
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inter-workingf unction; a home network with a first home inter-working f unction; and a first mobile end system subscribed 
to the home network and operating within the foreign network, a first message being transportable between the first 
mobile end system and a first communications server through the first home inter-working function and through the 
first serving inter-working function of the foreign access hub in the foreign base station, the home network can include 
5 a home mobile switching center, the first home inter-working function being included in the home mobile switching 
center The network can further comprise: a second end system subscribed to the home network and operating as a 
fixed end system within the home network; and a home base station that includes a home access hub with a second 
home inter-working function, a second message being transportable between the second end system and a second 
communications server through the second home inter-workjng function. The network can further comprise: ia second 
10 end system subscribed to the home network and operating as a mobile end system within the home network; a home 
mobile switching center having a second home inter-working function, the first home inter-working function being in- 
cluded in the home mobile switching center; and a home base station that includes a home access hub with a second 
serving inter-working function, a second message being transportable between the second end systerh and a second 
communications sen/er through the second serving inter-working function and through the second home inter-working 
15 junction. The first home inter-working function can include a home accounting collection module to collect accounting 
dataqn message traffic transported through the first home inter-working function. The home network can further include 
a home mobile switching center that includes a home accounting server; and the home accounting collection module 
can include a sub-mpdule to periodically send accounting reports to a home accounting sen/er. The home network can 
further include a home billing processor; and the home accounting server can include a module to send accounting 
20 reports to the home billing processor, the home billing processor including a module to prepare customer bills based 
on the accounting reports from the home accounting server. The first home inter-working function can include a home 
accounting collection module to collect accounting data on message traffic transported through the first home inter- 
working function. The home network can further include a home mobile switching center thai includes a home account- 
ing sen/er; and the home accounting collection module can include a sub-nrodule to periodicaity send accounting 
^5 reports to a home accounting server. The home network can further include a home billing processor; and the home 
accounting server can include a module to send accounting reports to the hoitie billing processor, the home billing 
processor including a module to prepare custorrier bills based on the accounting reports from the home accounting 
sen/er. The home network can further include a home billing processor; the foreign network can further include a foreign 
accounting server and a foreign billing processor; the first sen/ing Inter-working function can include a foreign accourit- 
30 ing collection module to collect accounting data on message traffic transported through the first serving inter-workIng 
function, the foreign accounting collection module can include a sub-module to periodically send accounting reports 
to the foreign accounting server, the foreign accounting sen/er including a module to send accounting reports to the 
foreign billing processor, the foreiign billing processor including a module to send accounting reports to the home billing 
processor, the home billing processor including a nrxxiule to prepare customer bills based on the accounting reporta 
35 from the foreign billing processor. The foreign network can further include a foreign mobile switching center, the foreign 
mobile switching center including a serving registration server, and the foreign access hub including a proxy registration 
agent; the home mobile switching center with a home registration server; and the first mobile end system includes an 
end registration agent, the end registration agent being coupled to the proxy registration agent, the proxy registration 
agent being coupled to the sen/ing registration server, the sen/ing registration server being coupled to the home reg- 
40 Istration server. The home registration sen/er can include a module to authenticate that the foreign network is authorized 
to host the end system. The home registration server can include a module to authenticate that the first mobile end 
system is authorized to receive sen/ices of the home network. The serving registration sen/er can include a module to 
authenticate that the first mobile end system is a subscriber of the home network. The home registratbn sen/er can 
include a module to authenticate that the foreign network is authorized to host the first mobile end system; the home 
45 registration sen/er includes a module to authenticate that the first mobile end system is authorized to receive sen/ices 
of the home network; and the sen/ing registration server includes a module to authenticate that the first mobile end 
system is a subscriber of the home network. The foreign network can further include a foreign mobile switching center 
with a sen/ing registration sen/er; the home network further includes a home mobile switching center with a home 
registration server and a plurality, of unassigned homeinter-working functions; and the first mobile end system includes 
50 an end registration agent to form a registratk)n request, the end registration agent sending the registration request 
through the serving registration server to the home registration sen/er, the home registration sen/er including a module 
to select an active home inter-working function from the plurality of unassigned home inter-working functions based 
on the registration request. The sen/ing inter-working function can be regarded as an active serving inter-working 
function; the foreign networkcan further include a plurality of sen/ing inter-working functions; and the sen/ing registration 
55 . server can include a module to select the active serving inter-working function from the plurality of sen/ing inter-working 
functions based on the registration request. The home registration sen/er can include a module to authenticate that 
the foreign network Is authorized to host the first mobile end system. The home registration sen/er can include a module 
to authenticate that the first mobile end system is authorized to receive sen/ices of the home network. The serving 
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registration server can include a module to authenticate that the first mobile end system is a subscriber of the home 
network. The registration request can include service type information; and the home registration server can include 
a module to control the selection of the active home inter-working function based on the service type information. The 
sen/ice type information can specify a request for one of public internet sen/ice and private intranet serviciB. The service 

5 type information can specify a request for one of mobile sen/ice and fixed sen/ice. The registration request can include 
quality of service information; and the home registration server can include a module to control the selection of the 
active home inter-working function based on the qualtty of service information. The quality of sen/ice information can 
specify a request for one of constant bit rate service, real time variable bit rate service, non-real time variable bit rate 
sen/ice, unspecified bit rate service and available bit rate service. 

10 [0010] According to another aspect of the invention there is provided a data network coupled to a foreign network 
that includes a foreign base station with a foreign access hub, the foreign access hub including a first serving inter- 
working function, the wireless data network comprising; a home network with a first home inter-working function; and 
a first mobile end system subscribed to the home network and operating within the foreign network, a first message 
being transportable between the first mobile end system and a first communications server through the first home inter- 
ns working function and through the first serving inter-working function of the foreign access hub in the foreign base 
station. The network can further comprise; a second end system subscribed to the home network and operating as a 
fixed end system within the home network; and a home base station that includes a home access hub with a second 
home inter-working function, a second message being transportable between the second end systern and a second 
communications server through the second home inter-working function. The network can further comprise a second 

20 end system subscribed to the home network and operating as a mobile end system within the home network; a home 
mobile switching center having a second home inter-working function, the first home inter-working function being in- 
cluded in the home mobile switching center; and a home base station that includes a home access hub with a second 
serving inter-working function, a second message being trarisportable between the second end system and a second 
communications server through the second sen/ing inter-working function and through the second home inter-working 

25 function. The first home inter-working function can include a home accounting collection module to collect accounting 
data on message traffic transported through the first home inter-working function. The home network can further include 
a home mobile switching center that includes a home accounting server, and the home accounting collection module 
can include a sub-module to periodically send accounting reports to a home accounting server. The home network can 
further include a hilling processor; and the home accounting server can include a module to send accounting reports 

30 to the billing processor, the billing processor including a module to prepare customer bills based on the accounting 
reports from the home accounting sender. The first home inter-working function can include a home accounting collec- 
tion module to collect accounting data on message traffic transported through the first home inter-working function. 
The home network can further include a home mobile switching center that includes a home accounting server, and 
the home accounting collection module can include a sub-module to periodically send accounting reports to a, home 

35 accounting server. The home network can further include a billing processor; and the home accounting server can 
include a module to send accounting reports to the billing processor, the billing processor including a module to prepare 
customer bills based on the accounting reports from the home accounting server. The hortie network can further include 
a home billing processor; the foreign network can further include a foreign accounting server and a foreign billing 
processor; the first serving inter-working function can include a foreign accounting collection module to collect account- 

40 ing data on message traffic transported through the first serving inter-working f unctbn, the foreign accounting collection 
module including a sub-module to periodically send accounting reports to the foreign accounting server, the foreign 
accounting server including a module to send accounting reports to the foreign billing processor, the foreign billing 
processor including a module to send accounting reports to the home billing processor, the home billing processor 
including a module to prepare customer bills based on the accounting reports from the foreign billing processor The 
45 foreign network can include a foreign mobile switching center, the foreign mobile switching center can include a sen/ing 
registration sen/er, and the access hub can include a proxy registration agent, the homenetwork that can further include 

a home mobile switching center with a home registration sen/er; the first mobile end system can include an end reg- 
istration agent, the end registration agent being coupled to the proxy registration agent, the proxy registration agent 
being coupled to the serving registration sen/er, the sen/ing registration server being coupled to the home registration 

so server. The home registration sen/er can include a module to authenticate that the foreign network is authorized to 
host the first mobile end system. The home registration server can include a module to authenticate thatthe first mobile 
end system is authorized to receive sen/ices of the home network. The foreign network can include a foreign mobile 
switching center with a serving registration sen/er, the home network that can include a home mobile switching centier 
with a home registration server and a plurality of unassigned home inter-working functions; and the first mobile end 

55 system can include an end registration agent to form a registration request, the end registration agent sending the 
registration request through.the sen/ing registration sen/ertothe home registration sen/er, the home registration sen/er 
including a module to select an active home inter-working function from the plurality of unassigned home inter-working 
functions based on the registration request. The home registratbn sen/er can include a module to authenticate that 
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the foreign network is authorized to host the first mobile end system. The home registration server can include a module 
to authenticate that the fi rst mobile end system is authorized to receive services of the home network. The registration 
request can include sen^ice type inforrnation; and the home registration server can Include a module to control the 
selection of the active home inter-working function based on the service type information. The service type information 

5 can specify a request for one of public internet service and private intranet service. The service type information can 
specify a request for one of mobile service and fixed service. The registration request includes quality of service infor- 
mation; and the home registration server includes a module to control the selection of the active home inter-working 
function based on the quality of service Information. The quality of service information specifies a request for one of 
constant bit rate service, real time variable bit rate service, non-real time variable bit rate service, unspecified bit rate 

10 service and available bit rate service. 

[0011] According to a further aspect of the present invention there is provided a mobile end system for use in a data 
network coupled to a foreign network, that includes aloreign base station with aforeign access hub, the foreign access 
hub including a first serving inter-working function, and a home network with a first home inter-working function, com- 
prising: means for connecting the mobile end system to said foreign network; and said first mobile end system sub- 

15 scribed to the home network and operating within the foreign network, a first message being transportable between 
the first mobile end system and a first communications sender through the first home inter-working f unction and through 
the first serving inter-working function of the foreign access hub in the foreign base station. 

[0012] According toa still further aspect of the present invention, there is provided a home network for use in a data 
network coupled to a foreign network, that includes a foreign base station with a foreign access hub, the foreign access 

20 hub including a first serving inter-working function, and mobile end system subscribed to the home network and oper- 
ating within the foreign network, comprising: a home switching center; a first home inter-working function being included 
in said home mobile switching center; and wherein a first message is transported between the first mobile end system 
and a first communications server through the first home inter-working function and through the first serving inter- 
working function of the foreign access hub in the foreign base station. 

25 [0013] The present system provide end users with remote wireless access to the public internet, private intranets 
and internet service providers. Wireless access is provided through base stations in a home network and base stations 
in foreign networks with interchange agreements. 

[0014] It is an object of the present system to provide a wireless packet switched data network for end users that 
divides mobility management into local, micro, macro and global connection handover categories and minimizes hand- 

30 off updates according to the handover category. It Is another object to integrate MAC handoff messages with network 
handoff messages. It is a further object of the present system to separately direct registration functions to a registration 
server and direct routing functions to inter-working function units. It is yet another object to provide an intermediate 
XTunnel channel between a wireless hub (also called access hub AH) and an inter-working function unit (IWF unit) In 
a foreign network. It is yet another object to provide an IXTunnel channel between an inter-working function unit in a 

35 foreign network and an inter-working function unit in a home network. It is yet another object to enhance the layer two 
tunneling protocol (l_2TP) to support a mobile end system. It Is yet another object to perlorm network layer registration 
before the start of a PPP communication session. 

[0015] According to one embodiment of the invention, a coupled data network with a foreign network and a home 
network is disclosed. The foreign network includes a foreign base station with a foreign access hub, the foreign access 

40 hub including a first serving inter-working function. The home network includes a first home inter-wprking function. A 
first mobile end system is a subscriber to the home network and operates within the foreign network, A first message 
is transportable between the first mobile end system and a first communications seo/er through the first home inter- 
working function and through the first serving inter-working function of the foreign access hub in the foreign basestation. 
[0016] According to another embodiment of the invention, a data network includes a home network with a first home 

45 Inter-working function. A first mobile end system is a subscriber to the home network and operates within the foreign 
network. A first message is transportable between the first mobile end system and a first communications server through 
the first home inter-working function and through the first serving inter-working function of the foreign access hub in 
the foreign base station. 

50 Brief Description Of Drawings 

[0017] The invention will be described in detail in the following description of preferred embodiments with reference 
to the following figures wherein: 

55 FIG. 1 is a configuration diagram of a known remote access architecture through a public switched telephone 

network; 

FIG. 2 is a configuration diagram of a remote access architecture through a wireless packet switched data network 



5 



EP 0 918 417 A2 



according to the present invention; 

FtG. 3 is a configuration diagram of selected parts of the architecture of the network of FIG. 2 showing a roaming 
scenario; 

FtG. 4 is a configuration diagram of a base station with local access points; 

FIG. 5 is a configuration diagram of a base station with local access points connected together via IEEE 802.3 links; 

FIG. 6 is a configuration diagram of a base station with remote access points, some of which are connected using 
a wireless trunk connection; 

FIG, 7 is a diagram of a protocol stack for a local access point; 

FIG. 8 is a diagram of a protocol stack tor a remote access point with a wireless trunk; 

FIG. 9 is a diagram of a protocol stack for a relay function in the base station for supporting remote access points 
with wireless trunks; 

FIG. 10 is a diagram of protocol stacks for implementing the relay function depicted in FtG. 9; 

FIG. 11 is a diaigram of protocol stacks for a relay function in the base station for supporting local access points; 

FIG. 1 2 is a configuration diagram of selected parts of the architecture of the network of FIG. 2 showing a first end 
system registering in the home network from the home network and a second system registering in the home 
network from a foreign network using a home inter-working function for an anchor; 

FIG. 1 3 is a configuration diagram of selected parts of the architecture of the network of FIG. 2 showing a first end 
system registering in the honie network from the home network and a second system registering in the home 
network from a foreign network using a serving inter-working function for an anchor; 

FIG. 14 is a ladder diagram of the request and response messages to register in a home network from a foreign 
network and to establish, authenticate and configure a data link; 

FIG. 15 is a configuration diagram of selected parts of the architecture of the network of FIG. 2 showing registration 
requests and responses for registering a mobile in a home network from the home network; 

FIG. 1 6 is a configuration diagram of selected parts of the architecture of the network of FIG. 2 showing registration 
requests and responses for registering a mobile In a home network f ronri a foreign network; 

FIG. 17 is a configuration diagram of protocol stacks showing communications between an end system in a home 
network and an inter-working function in the home network where the cell site has local access points; 

FIG. 18 is a configuration diagram of protocol stacks showing communications between ah end system in a honrte 
network and an inter-working function in the home network where the cell site has remote access points coupled 
to a wireless hub through a wireless trunk; 

FIG. 19 is a configuration diagram of protocol stacks showing communications between a base station coupled to 
a roaming end system and a home inter-working function; 

FIG. 20 is a configuration diagram of protocol stacks showing communications. between an end system in a home 
network through an inter-working function in the home network to an internet service provider; 

FIG. 21 is a configuration diagram of protocol stacks showing communications between an end system in a foreign 
network and a home registration server in a home network during the registration phase; 

FIG. 22 is a processing flow diagram shiDwing the processing of accounting data through to the customer billing 
system; 
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FIGS. 23 and 24 are (adder diagrams depicting the registration process tor an end system in a home network and 
in a foreign network, respectively; 

FIGS. 25 and 26 are protocol stack diagrams depicting an end system connection in a home network where a PPP 
5 protocol terminates in an inter-working function of the home network and where the PPP protocol terminates in an 

ISP or intranet, respectively; 

FIGS. 27 and 28 are protocol stack diagrams depicting an end system connectbn in a foreign network where a 
PPP protocol terminates in an inter-working function of the foreign network and where the PPP protocol terminates 
10 in an ISP or intranet, respectively; 

FIG. 29 illustrates end systems connected via ethemet to a wireless modem where PPP protocol is encapsulated 
in an ethernet frame; 

IS FIG. 30 illustrates an ethernet frame format; 

FIG. 31 illustrates XWD Header fields; 

FIG. 32 illustrates end systems connected via a local area network to a wireless router where PPP protocol ter- 
20 minates at the wireless router; 

FIGS. 33, 34 and i35 are ladder diagrams depicting a local handoff scenario, a micro handoff scenario and a macro 
handoff scenario, respectively; 

25 FIG. 36 Is a ladder diagram depicting a global handoff scenario where the foreign registration server changes and 

where home inter-working function does not change; and 

FIG. 37 is a ladder diagram depicting a global handoff scenario where both the foreign registration server and the 
home inter-working functran change. 

30 

Detailed Description Of Preferred Embodiments 

[0018] The present inventran provides computer users with remote access to the Internet and to private intranets 
using virtual private network services over a high speed, packet switched, wireless data link, these users are able to 

35 access the public internet, private intranets and their internet sen/ice providers over a wireless link. The network sup- 
ports roaming, that is, the ability to access the internet and private intranets using virtual private network services from 
anywhere that the services offered by the present system are available. The network also supports handoffs, that is, 
the ability to change the point of attachment of the user to the network without disturbing the PPP link between the 
PPP client and the PPP server. The network targets users running horizontal internet and intranet applications. These 

40 applications include electronic mail, file transfer, browser based WWW access and other business applications built 
around the internet. Because the network will be based on the IETF standards, it is possible to run streaming media 
protocols like RTP and conferencing protocols like H.323 over it. 

[001 9] Other internet remote access technologies that are already deployed or are in various stages of deployment 
include: wire line dial-up access based on POTS and ISDN, XDSL access, wireless circuit switched access based on 
45 GSM/CDMA/TDMA, wireless packet switched access based on GSM/CD MA/TDM A, cable moderns, and satellite 
based systems. However, the present system offers a low cost of deployment, ease of maintenance, a broad feature 
set, scaleability, an ability to degrade gracefully under heavy load conditions and support for enhanced network services 
like virtual private networking, roaming, mobility and quality of sen/ice to the relative benefit of users and service pro- 
viders. 

50 [0020] For wireless service providers who own personal communications system (PCS) spectrum, the present sys- 
tem will enable them to offer wireless packet switched data access services that can compete with services provided 
by the traditional wire line telcos who own and operate the PSTN. Wireless sen^ice providers may also decide to become 
internet service providers themselves, in which case, they will own and operate the whole network and provide end to 
end services to users. 

55 [0021 ] For internet service providers the present system will allow them to by -pass the telcos (provided they purchase 
or lease the spectrum) and offer direct end to end sen/ices to users, perhaps saving access charges to the telcos, 
which may increase in the future as the internet grows to become even bigger than it is now. 
[0022] The present systems flexible so that it can benefit wireless service providers who are not internet service 
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providers and who just provide ISP, internet or private intranet access to end users. The system can also benefit service 
providers who provide wireless access and internet services to end users. The system can also benefit service providers 
who provide wireless access and internet services but also allow the wireless portion of the network to be used for 
access to other ISPs or to private intranets. 

s [0023] In FIG. 2. end systems 32 (e.g.. based on, for example. Win 95 personal computer) connect to wireless 
network 30 using externa! or internal modems. These rtKxiems. allow end systems to send and receive medium access 
control (MAC) frames over air link 34. External moderr^ attach to the PC via a wired or wireless link. Extemal nrKxJems 
are fixed, and, for example, co-located with roof top mounted directional antennae. External modems may be connected 
to the user's PC using any one of following means: 802.3. universal serial bus, parallel port, infra-red. or even an ISM 

^0 radio link. Internal modems are preferably PCMCIA cards for laptops and are plugged into the laptop's backplane. 
Using a small omnidirectional antenna, they send and receive MAC frarhes over the air link. End systems can also be 
laptops with a directional antenna, a fixed wireless stalton in a home with a direction antenna connected via AC lines, 
and other alternatives. 

[0024] Wide-area wireless coverage is provided by base stations 36. The base station 36 can emptoy a 5-channel 
IS reuse communicatbn scheme as described in U.S. Patent Application Serial No. 08/998.505, filed on December 26, 

1 997. the range of coverage provided by base stations 36 depends on factors like link budget, capacity and coverage. 

Base stations are typically installed in cell sites by PCS (personal communication servrces) wireless service providers. 

Base stations multiplex end system traffic from their coverage area to the system's rmbile switching center (MSG) 40 

over wire line or microwave backhaul network 38. 
20 [0025] The system is independent of the MAC and PHY (physical) layer of the air link and the type of modism. The 

architecture is also independent of the physical layer and topology of backhaul network 38. The only requirements for 

the backhaul network are that it must be capable of routing internet protocol (IP) packets between base stations and 

the MSG with adequate performance. At Mobile Switching Center 40 (MSC 40), packet data inter-working function 

(IWF) 52 terminates the wireless protocols for this network. IP router 42 connects MSC 40 to public internet 44, private 
2S intranets 46 or to internet service providers 46. Accounting and directory servers 48 in MSC 40 store accounting data 

and directory information. Element management server 50 pnanages the equipment which includes the base stations. 

the IWFs and accounting/directory servers, 

[0026] The accounting server will collect accounting data on behalf of users and send the data to the service provider's 
billing system. The interface supported by the accounting server will send accounting information in American Man- 
30 agemenl Association (AM A) billing record format, or any other suitable billing format, over a TCP/IP (transport control 
protocol/internet protocol) transport to the billing system (which is not shown in the figure). 

[0027] The network infrastructure provides PPP (point-to-point protocol) service to end systems. The network pro- 
vides (1 ) fixed wireless access with roaming (log-in anywhere that the wireless coverage is available) to end systems 
and (2) low speed mobility and hand-off s. When an end system logs on to a network, in it may request either fixed 

55 service (i.e., stationary and not requiring handoff services) or mobile service (i.e., needing handoff services). An end 
system that does not specify fixed or mobile is regarded as specifying mobile service. The actual registration of the 
end system is the result of a negotiation with a home registration server based on requested level of service, the level 
of services subscribed to by the user of the end system and the facilities available in the network. 
{0028] If the end system negotiates a fixed service registration (i.e., not requiring handoff services) and the end 

40 system is located in the home network, an IWF (inter-working function) is implemented in the base station to relay 
traffic between the end user and a communications server such as a PPP sender (i.e., the point with which to be 
connected, for example, an ISP PPP server or a corporate intranet PPP server or a PPP server operated by the wireless 
service provider to provide customers with direct access to the public internet). It is anticipated that perhaps 80% of 
the message traffic will be of this category, and thus, this architecture distributes IWF processing into the base stattons 

45 and avoids message traffic congestion in a central mobile switching center. 

[0029] If the end system requests mobile service (from a home network or a foreign network) or if the end system 
request roaming service (i.e., sen^ice from the home network through a foreign network), two IWFs are established: a 
serving I WF typically established in the base station of the network to which the end system is attached (be it the home 
network or a foreign network) and a home IWF typically established in mobile switching center MSC of the home 

50 network. Since this situation is anticipated to involve only about 20% of the message traffic, the message traffic con- 
gestion around the mobile switching center is minimized. The serving IWF and the wireless hub may be co^ocated in 
the same nest of computers or may even be programmed in the same computer so that a tunnel using an XTuhnel 
protocol need not be established between the wireless hub and the serving IWF. 

[0030] However, based on available facilities and the type and quality of service requested, a serving IWF in a foreign 
55 network may altematively be chosen from facilities in the foreign MSC. Generally, the home IWF becomes an anchor 
point that is not changed during the communications session^ while the serving IWF may change if the end systerti 
moves sufficiently. 

[0031] The base station includes an access hub and at least one access point (be it remote or collocated with the 
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access hub). Typically, the access hub serves multiple access points. While the end system may be attached to an 
access point by a wire or cable according to the teachings of this invention, in a preferred embodiment the end systerti 
is attached to the access point by a wireless 'air link", in which case the access hub is conveniently referred to as a 
wireless hub. While the access hub is referred to as a "wireless hub" throughout the description herein, it will be ap- 
5 predated that an end system coupled through an access point to an access hub by wire or cable is an equivalent 
implementation and is contemplated by the term "access hub". 

[0032] In the invention, an end system includes an end user registration agent (e.g., software running on a computer 
of the end system, its modem or both) that communicates with an access point, and through the access point to a 
wireless hub. The wireless hub includes a proxy registration agent (e.g., software running on a processor in the wireless 
10 hub) acting as a proxy for the end user registration agent. Similar concepts used in, for example, the IETF proposed 
Mobile IP standard are commonly referred to as a foreign agent (FA). For this reason, the proxy registration iagent of 
the present system will be referred to as a foreign agent, and aspects of the foreign agent of the present system that 
differ from the foreign agent of Mobile IP are as described throughout this description. 

[0033] Using the proxy registration agent (i.e., foreign agent FA) in a base station, the user registration agent of an 
'S end system is able to discover a point of attachment to the network and register with a registration server in the MSG 
(mobile switching center) of the home network. The home registration server detemnlnes the availability of each of the 
plural inter-working function modules (IWFs) in the network (actually software modules that run on processors in t>oth 
the MSG and the wireless hubs) and assigns IWF(s) tothe registered end system. For each registered end systerin, a 
tunnel (using the XTunnef proXoco\) is creiated between the wireless hub in the base station and an inter-working function 
20 (1 WF) in the mobile switching center (MSG), this tunnel transporting PPP frames between the end system and the 1 WF 
[0034] As used herein, the XTunnel protocol is a protocol that provides in-sequence transport of PPP data frames 
with flow control. This protocol may run over standard IP networks or over point-to-point networks or over switched 
networks like ATM data networks or frame relay data networks. Such networks may be based on T1 or T3 links or 
based on radio links, whether land based or space based. The XTunnel protocol may be built by adapting algorithms 
2S from l^TP (level 2 transport protocol). In networks based on links where lost data packets may be encountered, a re- 
transmission feature may be a desirable option. 

[0035] The end system's PPP peer (i.e., a communications server) may reside in the IWF or in a corporate intranet 
or ISP's network. When the PPP peer resides in the IWF, an end system is provided with direct internet access. When 
the PPP peer resides in an intranet or ISP, an end system is provided with intranet access or access to an ISP. In order 

30 to support intranet or ISP access, the IWF uses the layer two tunneling protocol (L2TP) to connect to the intranet or 
ISP's PPP server. From the point of view of the intranet or ISP's PPP server, the IWF looks like a network access server 
(NAS). PPP traffic between the end system and the IWF is relayed by the foreign agent in the base station. 
[0036] In the reverse (up link) direction. PPP frames traveling from the end system to the IWF are sent over the MAC 
and air link to the base station. The base station relays these frames to the IWF in the MSG using the XTunnel protocol. 

35 The IWF delivers them to a PPP server for processing. For intemet access, the PPP server may be in the same machine 
as the 1 WR For ISP or intranet access, the PPP sen/er is in a private network and the IWF uses the layer two tunneling 
protocol (L2TP) to connect to it. 

[0037] In the fonvard (down link) direction. PPP frames from the PPP server are relayed by the IWF to the base 
station using the XTanne/ protocol. The base station de-tunnels down link frames and relays them over the air link to 

40 the end system, where they are processed by the end system's PPP layer. 

[0038] To support mobility, support for hand-off s are included. The MAG layer assists the mobility management soft- 
ware in the base station and the end system to perform hand-offs efficiently. Hand-offs are handled transparently from 
the peer PPP entities and the L2TP tunnel. If an end system moves from one base station to another, a new XTunnel 
is created between the new base station and the original IWF The old XTt/nne/from the old base station will be deleted. 

4S PPP frames will transparently traverse the new path. 

[0039] The network supports roaming (i.e.. when the end user connects to its home wireless service provider through 
a foreign wireless service provider). Using this feature, end systems are able to roam away from the home network to 
a foreign network and still get sen/ice. provided of course that the foreign wireless service provider and the end system's 
home wireless service provider have a service agreement. 

50 [0040] In FIG. 3, roaming end system 60 has traveled to a location at which foreign v\rtreless sen^ice provider 62 
provides coverage. However, roaming end system 60 has a subscriber relationship with home wireless sen/ice provider 
70. In the present invention, home wireless service provider 70 has a contractual relationship with foreign wireless 
service provider 62 to provide access services. Therefore, roaming end system 60 connects to base station 64 of 
foreign wireless semce provider 62 over the air (ink. Then, data is relayed from roaming end system 60 through base 

ss station 64. through serving IWF 66 of foreign wireless sen^ice provider 62, to home IWF 72 of home wireless sen^ice 
provider 70, or possibly through home IWF 72 of home wireless sen/ice provider 70 to intemet service provider 74. 
[0041] An ihter-sen/ice provider interface, called the 1-interface, is used for communications across wireless senfice 
provider (WSP) boundaries to support roaming. This interface is used for authenticating, registering and for transporting 
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the end system=s PPP frames between the foreign WSP and the home WSR 

[0042] PPP frames in the up link and the down link directions travel th rough the end system's home wireless service 
provider (WSP). Alternatively, PPP frames directly transit from the foreign WSP to the destination network. The base 
statbn in the foreign WSP is the end system's point of attachment in the foreign network. This base station sends (and 
receives) PPP frames to (and from) a serving tWF in the foreign WSPs mobile switching center. The serving IWF 
connects over the l-interface to the home IWF using a layer two tunnel to transport the end system's PPP frames in 
both directions. The serving IWF in the foreign WSP collects accounting data for auditing. The home IWF in the home 
WSP collects accounting data for billing. 

[0043] The serving IWF in the foreign WSP may bis combined with the base station in the same system, thus elim- 
inating the need for the X-Tunnel. 

[0044] During the registration phase, a registration sender in the foreign WSP determiniss the identity of the roaming 
end system's home network. Using this information, the foreign registration server communicates with the home reg- 
istration server to authenticate and register the end system. These registration messages flow over the l-interface. 
Once the end system has been authenticated and registered, a layer two tunnel is created between the base station 
and the serving IWF using the XTUNNEL protocol and another layer two tunnel is created between the serving IWF 
and the home IWF over the l-interface. The home IWF connects to the end system's PPP peer as before, using L2TP 
(level 2 tunnelprotocol). During hand-offs, the location of the home I WF and the L^TP tunnel remains fixed. As the end 
system moves from one base station to another base station, a new tunnel is created between the new base station 
and the serving IWF and the old tunnel between the old base station and the serving IWF is deleted. If the end system 
moves far enough, so that a new serving iWF is needed, a new tunnel will be created between the new serving IWF 
and the home IWF. The old tunnel between the old serving and the home will be deleted. 

[0045] To support roaming, the i -interface supports authentication, registration and data transport services across 
wireless service provider boundaries. Authentication and registration sen^ices are supported using the IETF Radius 
protocol. Data transport services to transfer PPP f ranhes over a layer two tunnel are supported using the i-XTunnei 
protocol. This protocol is based on the IETF L2TP protocol. 

[0046] As used in this description, the term home IWF refers to the IWF in the end system's home network. The temn 
sending i WF refers to the IWF in the foreign network which is temporarily providing sen/ice to the end system. Similarly, 
the term home registration server refers to the registration server in the end system's home network and the term 
foreign registration server refers to the registration server in the foreign network through which the end system registers 
white it is roaming. 

[0047] The network supports both fixed and dynamic IP address assignment for end systems. There are two types 
of IP addresses that need to be considered. The first is the Identity of the end system in its home network. This may 
be a structured user name in the format user ©domain. This is different from the home IP address used in mobile IP. 
The second address is the IPaddress assignedto the end system via the PPP IPCP address negotiation process. The 
domain sub-field of the home address is used to identify the user's home domain and is a fully qualified domain name. 
The user sub-field of the home address is used to identify the uiser in the home domain. The User-Name is stored on 
the end system and in the subscriber data-base at the MSG and is assigned to the user when he or she subscribes to 
the service. The domain sub-field of the User-Name is used during roaming to identify roaming relationships and the 
home registration server for purposes of registration and authentication, instead of the structured user name another 
unique identifier nr^y be used to identify the user's home network and the user's identity in the home network. This 
identifier is sent In the registration request by the end system 

[0048] The PPP IPCP is used to negotiate the IP address for the end system. Using IP configuration protocol IPCP, 
the end system is able to negotiate a fixed or dynamic IP address. 

[0049] Although the use of the structured user-name field and the non-use of an IP address as the home address is 
a feature that characterizes the present system over a known mobile 1 P, the network may be enhanced to also support 
end systems that have no user-name and only a non -null home address, if mobile IP and Its use in conjunction with 
PPP end systems becomes popular. The PPP server may be configured by the service provider to assign IP addresses 
during the IPCP address assignment phase that are the same as the end system's home IP address. In this case, the 
home address and the IPCP assigned IP address will be identical. 

[0050] In FIG. 4, base station 64 and air links from end systems form wireless sub-network 80 that includes the air 
links for end user access, at least one base station (e.g., station 64) and at least one backhaul network (e.g., 38 of 
FIG. 2) from the base statran to MSG 40 (FIG.2). The wireless sub-network architecture of, for example, a 3-sectored 
base station includes the following logical functions. 

1 . Access point function. Access points 82 pert omn f^AC layer bridging and MAC layer association and dissociation 
procedures. An access point includes a processor (preferably in the form of custom application specific integrated 
circuit ASIC), a link to a wireless hub (preferably in the form of an Ethernet link on a card or built into the ASIC), 
a link to an antenna (preferably in the form of a card with a data modulator/demodulator and a transmitter/receiver), 
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and the antenna to which the end system is coupled. The processor runs software to perform a data bridging 
function and various other functions in support of registration and mobility handovers as further described herein. 
See discussion with respect to FIGS. 7, 8 and 11. 

Access points (APs) take MAC layer frames from the air link and relay them to a wireless hub and vice versa. 

5 the MAC layer association and dlsassociation procedures are used by APs to maintain a list of end system MAC 

addresses in their MAC address filter table. An AP will only perform MAC layer bridging on behalf of end systerhs 
whose MAC addresses are present in the table. An access point and its associated wireless hub are typically co- 
located. In its simplest form, an access point is just a port into a wireless hub. When the APs and the wireless hub 
are co-located in the same cell site, they may be connected together via a IEEE 802.3 link. Sometimes, access 

10 points are located remotely from the wireless hub and connected via a long distance link like a wired T1 trunk or 

even a wireless trunk. For multi-sector cells, multiple access points (i.e., one per sector) are used. 

2. Wireless hub function. Wireless hub 84 performs the foreign agent (FA) procedures, backhaul load balancing 
(e.g., over multiple TVs), backhaul network interfacing, and the xtunnef procedures. When support for quality of 
15 servtee (QOS) is present, the wireless hub implements the support for QOS by running the xtunnef protocol over 

backhauls with different QOS atlributes. In a multi-sector cell site, a single wireless hub function is typically shared 
by multiple access points, 

A wireless hub includes a processor, a link to one or more access points (preferably in the form of an Ethernet 
link on a card or built into an ASIC), and a link to a backhaul line. The backhaul line Is typically a T1 or T3 com- 
20 munications line that terminates in the mobile switching center of the wireless service provider The link to the 

backhaul line formats data into a preferred format, for example, an Ethernet format, a frame relay format or an 
ATM format. The wireless hub processor runs software to support data bridging and various other functions as 
described herein. See discussion with respect to FIGS. 9, 10 and 11. 

25 [0051] The base station design supports the following types of cell architectures. 

1 . Local AP architecture. In a local AP architecture, accesis points have a large (> - 2km, typically) range. They 
are co-located in the cell site with the wireless hub (FIG. 4). Access points may be connected to the wireless hub 
using an IEEE 802.3 network or may be directly plugged into the wireless hub's backplane or connected to the 

30 wireless hub using some other mechanism (e.g. universal serial bus, printer port, infra-red, etc. ). It will be assumed 

that the first alternative is used for the rest of this discussion. The cell site may be dmni or sectored by adding 
multiple access points and sectored antennas to a wireless hub. 

2. Herwte AP architecture. In a remote AP iarchitecture, access points usually have a very small range, typically 
35 around 1 km radius. They are located remotely (either Indoors oroutdoors) from the wireless hub. ATI or a wireless 

trunk preferably links remote access points to the cell site where the wireless hub is located. From the cell site, a 
wire line backhaul or a microwave link is typically used to connect to the IWF in the MSC. II wireless trunking 
between the remote AP and the wireless hub is used, omni or sectored wireless radios for lain king are utilized. 
The devices for trunking to remote access points are preferably co-lpcated vvith the wireless hub and may be 
40 connected to it using an IEEE 802.3 network or may be directly plugged into the wireless hub=s backplane. These 

devices will be referred to by the term trunk AP. 

3. Mixed AP architecture. In a mixed architecture, the wireless sub-network will have to support remote and local 
access points. Remote access points may be added for hole filling and other capacity reasons. As described earlier. 

45 T1 or wireless trunks may be used to connect the remote AP to the wireless hub. 

[0052] FIG, 5 shows a cell with three sectors using local APs only. The access points and the wireless hub are co- 
located in the base station and are connected to each other with 802.3 links. 

[0053] FIG. 6 shows an architecture with remote access points 82 connected to wireless hub 84 using wireless trunks 
50 86. Each trunk access point in the base station provides a point to multi-point wireless radio link to the remote micro 
access points (R-AP in figure). The remote access points provide air link service to end systems. The wireless hub 
and the trunk access points are co-located in the base station and connected together via 802.3 links. This figure also 
shows remote access points 82R connected to the wireless hub via point to point T1 links. In this scenario, no trunk 
APs are required. 

55 [0054] To support all of the above cell architectures and the different types of access points that each cell might use, 
the network architecture follows the following rules: 

1 . Access points function as MAC layer bridges. Remote access points perform MAC bridging between the air link 
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to the end systems and the wireless or T1 trunk to the cell site. Local access points perform MAC bridging between 
the air link to the end systems and the wireless hub. 

2. Trunk access points also function as MAC layer bridges. They pertorm MAC bridging between the trunk (which 
5 goes to the access points) and the wireless hub. 

3. The wireless hub is connected to all co-located MAC bridges (i.e. local access points or trunk access points) 
using a 802,3 link initially. 

10 [0055] Additionally, where local access points or remote access points with T1 trunks are used, the following rules 
are followed. 

1 . Local access points are cp-located with the wireless hub and connected to it using point to point 802.3 links or 
a shared 802.3 network. Remote access points are connected to the wireless hub using point to point T1 trunks. 

15 

2. Sectorization is supported by adding access points with sectored antennas to the cell site. 

3. For each access point connected to the wireless hub. there is a foreign agent executing in the wireless hub 
which participates in end system registration. MAC layer association procedures are used to keep the MAC address 

20 filter tables of the access points up to date and to perform MAC layer bridginig efficiently. The wireless hub partic- 

ipates in MAC association functions so that only valid MAC addresses are added to the MAC address filter tables 
ot the access points. 

4. The foreign agent in the wireless hub relays frames from the access points to the MSC IWF and vice versa using 
25 the xfivnne/ protocol. The MAC address filter table is used to filter out those unicast MAC data frames whose MAC 

addresses are not present in the table. The APs always forward MAC broadcast frames and MAC frames associ- 
ated with end system recjistration functions regardless of the contents of the MAC address filter table. 

5. Local access points use ARP to resolve MAC addresses for routing IP traffic to the wireless hub. Conversely. 
30 the wireless hub also uses ARP to route IP packets to access points, UDP/IP is used for network management of 

access points. 

6. Remote access points connected via T1 do not use ARP since the link will be a point to point link. 
35 7. Support for hand-offs is done with assistance from the MAC layer. 

[0056] In a cell architecture using wireless trunks and trunk APs, the following rules are followed. 

1 . Trunk access points are co-located with the wireless hub and connected to it using point to point 802.3 links or 
40 Other suitable means. 

2. Wireless trunk sectorization is supported by adding trunk access points with sectored antennas to the cell site. 

3. Hand-offs across backhaul sectors are done using the foreign agent in the wireless hub. For each backhaul 
45 sector, there is a foreign agent executing in the wireless hub. 

4. The trunk APs do not need to participate in MAC layer end system association and hand off procedures. Their 
MAC address filter tables will be dynamically programmed by the wireless hub as end systems register with the 
network. The MAC address filter table is used to filter out unicast MAC frames. Broadcast MAC frames or MAC 

so frames containing registration packets are allowed to always pass through. 

5. Trunk APs use ARP to resolve MAC addresses for routing IP traffic to the wireless hub. Conversely, the wireless 
hub use ARP to route IP packets to trunk APs. UDP/IP is used tor network management of trunk APs, 

55 6. In a single wireless trunk sector, MAC association and hand-offs from one access point to another is done using 

the MAC layer with the assistance of the foreign agent in the wireless hub. Using these MAC layer procedures, 
end systems associate with access points. As end systems rnove f rorti one access point to another access point, 
the access points will use a MAC hand off protocol to update their MAC address filter tables. The wireless hub at 
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the celt site provides assistance to access points to perfornn this function, this assistance includes relaying MAC 
layer hand off messages (since access points will not be able to communicate directly over the MAC layer with 
each other) and authenticating the end system tor MAC layer registration and hand off and for updating the MAC 
address filter tables of the access points. 

7. The foreign agent for a wireless trunk sector is responsible for relaying frames from its trunk AP tothe MSC and 
vice versa using the xft/nne/ protocol. Thus, the foreign agent for a trunk AP does not care about the location of 
the end system with respect to access points within that wireless trunk sector In the down link direction, it just 
forwards frames from the tunnel to the appropriate trunk AP which uses MAC layer bridging to send the frames to 
all the remote access points attached in that backhaul sector. The access points consult their MAC address filter 
tables and either forward the MAC frames over the access network or drop the MAC frames. As described above, 
the MAC address filter tables are kept up to date using MAC layer association and hand off procedures. In the up 
link direction. MAC frarnes are forwarded by the access points to the backhaul bridge which forwards them to the 
foreign agent in the wireless hub using the 802.3 link. 

8, ARP is not be used for sendingor receiving IP packets tothe renriote access points. The access points determines 
the MAC address of the wireless hub using BOOTP procedures. Conversely, the wireless hub is configured with 
the MAC address of remote access points. UDP/IP is used for network management of access points and for end 
system association and hand off messages. 

[0057] IEEE Standard 802.3 links in the cell site may be replaced by other speed links. 

[0058] FIG. 7 shows the protocol stack for a local access point. At the base of the stack is physical layer PHY Physical 
layer PHY carries data to and from an end system over the air using radio waves as an example. When received from 
an end system, the AP receives data from the physical layer and unpacks it from the MAC frames (the MAC layer). 
The end system data frames are then repacked into an Ethernet physical layer format (IEEE 802.3 format) where it is 
send via the Ethernet link to the wireless hub. When the AP's processor receives data from the wireless hub via its 
Ethernet link (i.e.. the physical layer), the data to be transmitted to an end system, the AP packs the data in a medium 
access control (MAC) format, and sends the MAC layer data to its modulator to be transmitted to the end system using 
the PHY layer. 

[0059J In FIG. 8, the MAC and PHY layers to/from the end system of FIG, 7 are replaced by a MAC and PHY for the 
trunk to the cell site for a remote access point. Specifically, for a T1 trunk, the high level data link control protocol (HDLC 
protocol) is preferably used over the T1 . 

[0060] FIG, 9 depicts the protocol stack for the wireless hub that bridges the backhaul line and the trunk to the remote 
access point. The trunk to the remote APs are only required to support remote access points (as distinct from Ethernet 
coupled access points). The MAC and PHY layers for the wireless trunk to the remote APs provide a point to multipoint 
link so that one trunk may be used to communicate with many remote APs in the same sector. 
[0061] The wireless hub bridges the trunk to the remote APs and the backhaul line (e.g., T1 or T3) to the network's 
mobile switching center (MSG). The protocol stack in the wireless hub implements MAC and PHY layers to the MSG 
on top of which is implemented an IP (Internet Protocol) layer on top of which is implemented a UDP layer (Universal 
Datagram Protocal, in combination referred to as UDP/IP) for network management on top of which is implemented 
an XTunnel protocol. The XTunnet protocol is a new fomnat that includes aspects of mobility (e.g. as in mobile IP) and 
aspects of the Level 2 TunnelProtoco! (L2TP). The X-Tunnel protocol is used to communicate from the wireless hub 
to the MSG and between inter-working functions (I WFs) in different networks or the same network, 
[0062] In FIG. 1 0, the protocol stack for the relay function in the base station for supporting remote access points is 
shown. The relay function includes an interface tothe backhaul line (depicted as the wireless hub) and an interface to 
the remote AP (depicted as a trunk AP). From the point of view of the wireless hub, the trunk AP (depicted in FIGS. 7 
and 10) actually behaves like the AP depicted in FIG. 7. Preferably, the base station protocol stacks are split up into 
a wireless hub and a trunk AP with an Ethernet in between. In an N-sectpr wireless trunk, there are N wireless trunk 
APs in the ceil site and one wireless hub. 

[0063] In FIG. 11 , the base station protocol stack for a cell architecture using a local AP is shown. The relay function 
includes an interface to the backhaul line (depicted as the wireless hub) and an air link interface to the end system 
(depicted as an AP). From the point of view of the wireless hub. the AP (depicted in FIGS. 8 and 11 ) actually behaves 
like the trunk AP depicted in FIG. 8. Preferably, the base station protocol stacks are split up into a wireless hub and a 
trunk AP with an Ethernet in between. In a N-sector cell, there are N access points and a single wireless hub. 
[0064] The backhaul network from the base station to the MSC has the following attributes. 

1 . The network is capable of routing IP datagrams between the base station and the MSG. 
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i2. The network is secure. It is not a public internet. Traffic from trusted nodes only are allowed onto the network 
since the network will be used for not only transporting end system traffic, but also for transporting authentication, 
accounting, registration and management traffic. 

5 3. The network has the necessary pertormance characteristics. 

In typical application, the sen/ice provider is responsible for installing and maintaining the backhaul network on which 
the equipment is installed. 

[0065] The base stations supports the following backhaul interfaces for communicating with the MSG. 

10 

1 . Base stations support 1 P over PPP with HDLC links using point to point T1 or fractional T3 links. 

2. Base stations support IP over frame relay using T1 or fractional T3 links. 
15 3. Base stations support IP over AAL5/ATM using T1 or fractional T3 links. 



4. Base stations support IP over Ethernet links. 

[0086] Since all of the above interfaces are based on IETF standard encapsulations, commercial routers may be 
20 used in the MSG to terminate the physical links of the backhaul network. Higher layers are passed on and processed 
by the various servers and other processors. 

[0067] End system registration procedures above the MAC layer are supported. In the following, end system regis- 
tration procedures at the MAC layer are ignored except where they impact the layers above. 
[0068] End systems may registertor service on their home network orfrom a foreign network. In both scenarios, the 

25 end system uses a foreign agent (FA) in the base station to discover a point of attachment to the network and to register. 
In the former case, the FA is in the end system's home network. In the latter case, the FA is in a foreign network. In 
either case, the network uses an I WF intheend system's homenetworkasan anchor point (i.e., unchanging throughout 
the session in spite of mobility). PPP frames to and from the end system travel via the FA in the base station to the 
I WF in the home network. If the end system is at home, the home IWF is directly connected by means of the xtunnei 

30 protocol to the base station. Note that the home IWF nr\ay be combined with the base station in the same node. If the 
end system is roaming, a sending IWF in the foreign network is connected to the home IWF over an l-interface. The 
sen/ing IWF relays frames between the base station and the home IWF Note that the home IWF may be combined 
with the base station in the same node. From the home IWF. data is sent to a PPP server which may reside in the 
same IWF or to a separate sender using the .L2TP protocol. The separate server may be owned and operated by a 

35 private network operator (e.g. ISP or corporate intranet) who is different from the wirelesis service provider For the 
duration of the session, the location of the home IWF and the PPP sen/er remains fixed. If the end system moves while 
connected, it will have to re-register with a new foreign agent. However, the same home IWF and PPP server continues 
to be used. A new xtunnei is created between the new FA and the IWF and the old xtunnei between the old foreign 
agent and the IWF is destroyed. 

40 [0069] FIG. 1 2 shows this network configuration for two end systems A and B, both of whose home wireless network 
is wireless sen^ice provider A (WSP-A). One end system is registered from the home wireless network and the other 
from a foreign wireless network. The home IWF in WSP-A serves as the anchor point for both end systems. For both 
end systems, data is relayed to the home IWF The home IWF connects to an internet service provider's PPP server 
owned by ISP-A. Here it is assumed that both end systems have subscribed to the same ISP If that were not the case, 

45 then the home iWF woukl be shown also connected to another ISP. 

[0070] Within a wireless sen/ice providers network, data between base stations and the IWF is carried using the 
xfu/ine/ protocol. Data between the IWF and the PPP server is carried using Level 2 Tunneling Protocol (L2TP). Data 
between the sending IWF and the home IWF Is carried using the l-xtunnel protocol. 

[0071] In a simple scenerio, for a user in their home network requiring fixed sen/ice, the home IWF function may be 
so dynamically activated in the base station. Also, the serving IWF function may be activated for a roaming user in the 
base station. 

[0072] Always using an IWF in the home networic has its advantages and disadvantages. An obvious advantage is 
simplicity Adisadvantage is that of always having to relay data to and from a possibly remote home IWF The alternative 
is to send all the necessary information to the serving IWF sothat it may connect tolhe end system's ISP/intranet and 
55 for the sen/ing IWF to send accounting inf ornnatlon in near real time back to the accounting sen/er in the home network. 
This functionality is more complex to implement, but more efficient because it reduces the need to relay data over 
potentially long distances from the foreign network to the home network. 

[0073] For example, consider a case of a user who roams from Chfcago to Hong Kong. If the user's home network 
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is in Chicago and the user registers using .a wireless service provider in Hong Kong, then in the first configuration, the 
anchor point will be the home I WF in Chicago and all data will have to be relayed from Hong Kong to Chicago and vice 
versa. The home IWF in Chicago will connect to the user's ISP in Chicago. With the second configuration, the end 
system user will be assigned an ISP in Hong Kong. Thus, data will not always have to be relayed back and forth 
5 between Chicago and Hong Kong. In the second configuration, the serving IWF will sen/e as the anchor and never 
change for the duration of the session ieven if the end system moves. However, the location of the FA may change as 
a result of end system movement in Hong Kong. 

[0074] FIG. 1 3 shows the second network configuration. In this figure, the home network for end system A and B is 
WSP-A. End system A registers from its home network, using its home IWF as an anchor point, and also connects to 
10 its ISP-A using the ISPs PPP server. End system B registers from the foreign network of WSP-B and uses a sen/ing 
IWF which serves as the anchor point and connects the end system to an ISP using the ISP's PPP sender. In this 
configuration, data for end system B does not have to be relayed from the foreign network to the home network and 
vice versa. 

[0075] In order for this configuration to work, not only must there be roaming agreements between the home and 
15 the foreign wireless sen/ice providers, but there also must be agreements between the foreign wireless service provider 

and the end system's internet service provider directly or through an intem:iediary. In the example above, not only must 

the wireless sen/ice provider in Hong Kong have a business agreement with the wireless service provider in Chicago. 

but the WSP in Hong Kong must have a business agreement with the user's Chicago ISP and access to the Chicago 

ISPs PPP server in Hong Kong or a business agreement with another ISP locally in Hong Kong who has a business 
20 agreement for roaming with the user's Chicago ISR Additionally, the WSP in Hong Kong must be able to discover these 

roaming relationships dynamically in order to do user authentication and accounting and to set up the appropriate 

tunnels. 

[0076] It is difficult for those companies who are in the Internet inf rastructure business to work out suitable standards 
in the IETF for ail of these scenarios. Thus, a preferable embodiment for the present systems to implement the simpler. 
25 potentially less efficient configuration, where the IWF in the home network is always used as the anchor point. However; 
in the presence of suitable industry standardization of protocols for Internet roaming, the second configuration should 
be regarded as equivalent or alternative embodiment. 

[0077] An end system will have to register with the wireless network before it can start PPP and send and receive 
data. The end system first goes through the FA discovery and registration phases. These phases authenticate and 

30 register the end system to the wireless service provider Once these phases are over, the end system starts PPP. This 
includes the PPP link establishment phase, the PPP authenticatbn phase and the PPP network control protocol phase. 
Once these phases are over, the end system is able to send and receive IP packets using PPP 
[0078] The following discussion assumes that the end system is roaming and registering from a foreign network. 
During the FA discovery phase, the end system (through its user registration agent) waits for or solicits an advertisement 

35 from the foreign agent. The user registration agent uses advertisement messages sent by a near by foreign agent lo 
discover the identity of the FA and to register. During this phase, the user registration agent of the end system selects 
a FA and issues a registration request to it. The FA acting as a proxy registration agent fonwards the registration request 
to its registration sen/er (the registration server in the foreign WSP). The registration server uses User-Name from the 
user registration agent's request to determine the end system's home network, and forwards the registration request 

40 tor authentication to a registration server in the home network. Upon receiving the registration request relayed by the 
foreign registration sen/er, the home registration sen/er authenticates the identity of the foreign registration sen/er and 
also authenticates the identity of the end system. If authentication and registration succeeds, the home registration 
server selects an IWF in the home network to create an l-xtunnet link between the home tWF and the serving IWF (in 
the foreign WSP). The IWF in the home network sen/es as the anchor point for the duration of the PPP session. 

45 [0079] Once the authentication and registration phases are over, the various PPP phases will be started. At the start 
of PPP, an L2TP connection is created between the home IWF and requested ISPAntranet PPP sen/er. In the PPP 
authentication phase, PPP passwords using Password Authentication Protocol (PAP) or Challenge Authentication Pro- 
tocol CHAP are exchanged and the ISP or Intranet PPP server independently authenticates the identity of the end 
system. 

50 [0080] Once this succeeds, the PPP network control phase is started, in this phase, an JP address is negotiated and 
assigned to the end system by the PPP sen/er and the use of TCP/IP header compression is also negotiated. When 
this is complete, the end system is able to send and receive IP packets using PPP to its ISP or a corporate intranet. 
[0081] Note that two levels of authentication are performed. The first authentication authenticates the identity of the 
end system to the registration server in the home network and the identities of the foreign network and the home 

55 network to each other To perform this function, the foreign agent fonwards the end system's registration request using, 
for example, an IETF Radius protocol to a registration server in its local MSC in a Radius Access-Request packet. 
Using the end system's domain name, the foreign registration sen/er determines the identity of the end system's home 
network and home registration server and acting as a Radius proxy, encapsulates and fonwards the request to the end 
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system's homo registration server, if the foreign registration server cannot determine the identity of the end system's 
home, it may optionally forward the Radius request to a registration server that acts like a broker (e.g. one that is owned 
by a consortium of wireless service providers), which can In turn proxy the Radius Accessflequest to the final home 
registration sierver. If the local registration server is unable to service the registration request locally or by proxy ing. 

5 then it rejects the foreign agent's registration request and the foreign agent rejects the end system's registration request. 
Upon receiving the Radius Access-Request, the home registration server performs the necessary authentication of 
the identities of the foreign network and the end system. If authentication and registration succeeds, the home regis- 
tration server responds with a Radius Access-Response packet to the foreign registration server which sends a re- 
sponse to the foreign agent so that a round trip can be completed. The registration request is rejected if the home 

10 registration server is unable to comply for any reason. 

[0082] The second level of authentication verifies the identity of the end system to the intranet or ISP PPP server. 
PPP authentication, separate from mobility authentication allows the infrastructure equipment to be deployed and 
owned separately from the ISP. 

[0083] FIG. 1 4 is a ladder diagram showing the registration sequence for a roaming end system. It is assumed that 
'5 the PPP server and the home I WF are in the same sender and L2TP is not required. Note the interactions with accounting 
servers to start accounting on behalf of the registering end system and also directory servers to determine the identity 
of the home registration sen/er and to authenticate the end system's identity. More information on accounting/billing, 
roaming (between service providers) and settlement will be provided below. 

[0084] MAC layer messages from the user registration agent of the end system may be used to initiate Agent Solic- 

20 itation. The MAC layer messages are not shown for clarity. 

[0085] In FIG. 14, the end system (mobile) initially solicits an advertisement iand the foreign agent replies with an 
advertisement that provides the end system with infomnation about the network to which the foreign agent belongs 
including a care-of-address of the foreign agent. Alternatively, this phase may be removed and. all network advertise- 
ments may be done by a continuously emitted MAC layer beacon message. In this case, the network is assumed to 

2S be a foreign wireless service provider. Then, a user registration agent (in the end system) incorporates the information 
about the foreign agent (including the user name and other security credentials) and its network Into a request and 
sends the request to the foreign agent. The foreign agent, as a proxy registration agent, relays the request to the foreign 
registration server (i.e., the registration server for the foreign wireless service provider Then, the foreign registration 
..server, recognizing that it is not the home directory, accesses the foreign directory sen/er with the FDD in the foreigri 

30 wireless service provider to learn how to direct the registration request to the hortie registration server of the wireless 
service provider to which the end system belongs. The foreign registration server responds with the necessary for- 
warding information. Then, the foreign registration server encapsulates the end system's registration request in a Ra- 
dius access request and relays the encapsulated request to the home registration server of the wireless service provider 
to vkrtiich the end system belongs. The home registration server accesses the home directory server with the HDD of 

35 the home registration server to learn at least authentication information about the foreign service provider Optionally, 
the home registration iserver accesses the subscriber's directory to learn detail subscriber service profile information 
(e.g., quality of service options subscribed to, etc.). When ail parties are authenticated, the home registration server 
sends a start IWF request to the home IWF and PPP sen/er The home IWF and PPP server starts the home accounting 
server and then sends a start IWF response to the home registration sen/er The home registration sen/er then sends 

40 a Radius access response to the foreign registration server The foreign registration sen/er then sends a start IVVF 
request to the serving IWF server This serving IWF server starts the serving accounting server and then sends a start 
IWF response to the foreign registration server. The foreign registration server sends a registration reply to the foreign 
agent, and the foreign agent relays the registration reply to the end system. 

[0086] A link control protocol (LCP) configuration request is send by the end system through the foreign registration 
45 server to the home IWF and PPP server. The home IWF and PPP server sends an LCP configuration acknowledgment 
through the foreign registration server to the end system. 

[0087] Similarly, a password authentication protocol (PAP) authentication request is sent to and acknowledged by 
the home IWF and PPP server Alternatively, a challenge authentication protocol (CHAP) may be used to authenticate. 
Both protocols may be used to authenticate or this phase may be skipped. 
50 [0088] Similarly, an IP configuration protocol (IPCP) configure request is sent to and acknowledged by the home 
IWF and PPP sen/er 

[0089] The connection to the end system may be terminated because of any one of the following reasons. 

1 . User initiated termination. Under this scenario, the end system first terminates the PPP gracefully This includes 
55 terminating the PPP network control protocol (IPCP) followed by terminating the PPP link protocol. Once this is 

done, the end system de-registers from the network followed by termination of the radio link to the access point. 

2. Loss of wireless link. This scenario is detected by the modem and reported to the modem driver in the end 
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system. The upper layers of the software are notified to terminate the stacks and notify the user. 

3. Loss of connection to the foreign agent This scenario is detected by the mobility driver in the end system. After 
trying to reestablish contact with a (potentially new) foreign agent and failing, the driver sends an appropriate 

s notification up the protocoi stack and also signals the modem hardware below to terminate the vyireless link. 

4. Loss of connection to the fWF. This is substantially the same as for loss of connectbn lo the foreign agent, 

5- Termination of PPP by iHF or PPP sender This scenario is detected by the PPP software in the end systenn. 
10 The end system^s PPP driver is notified of this event. It initiates de-registration from the network followed by 

termination of the wireless link to the access point. 

[0090] End system service configu ration refers to the concept of configu ring the network sen/ice for an end system 
based on the subscriber's sen/ice profile. The subscriber's service profile is stored in a subscriber directory. The service 

IS profile contains information to enable the software to customize wireless data service on behalf of the subscriber. This 
includes information to authenticate the end system, allow the end system to roam and set up connections to the end 
system's internet service provider. Preferably, this information also includes other parameters, like, quality of sen^ice. 
In addition to the subscriber directory, a home domain directory (HDD) and a foreign domain directory (FDD) are used 
tor roaming and for authenticating the foreign and home registration servers to each other. The HDD stores information 

20 about the end system's home network and the FDD stores information about foreign networks that a subscriber may 
visit. 

[0091] FIG. 15 shows how these directories map into the network architecture and are used during registration for 
an end system that Is registering at home. In step 0 the end system (mobile) solicits and receives an advertisement 
from the foreign agent to provides the end system with information aboutthe network to which the foreign agent belongs. 

25 In this case, the network is the home wireless service provider. In step 1 , user registration agent (in the end system) 
incorporates the information about the foreign agent and its network and its security credentials into a request and 
sends the request to the foreign agent. In step 2. the foreign agent, as a proxy registration agent, relays the request 
to the home registration sen/er In step 3. the home registration server accesses the HDD of the home wireless sen/ice 
provider to tearh at least authentication information. In step 4, the home registration server accesses the subscriber 

30 directory to learn detail subscriber service profile infornrvation (e.g.. quality of service options subscribed to, etc.). In 
step 5, the home registration server notifies the foreign agent of the access response. In steps 6 and 7, the foreign 
agent notifies the end system (i.e., mobile) of the registration reply 

[0092] FIG. 1 6 shows directory usage for an end system that is registering from a foreign network. In step 0 the end 
system (mobile) solicits and receives an advertisement and the toreign agent advertises vrtiich provides the end system 

35 with information about the network to which the foreign agent belongs. In this case, the network is a foreign wireless 
service provider. In step 1 , user registration agent (In the end system) incorporates the information about the foreign 
agent and its network and its security credential into a request and sends the request to the foreign agent. In step 2, 
the foreign agent, as a proxy registration agent, relays the request to the foreign registration server (i.e. , the registration 
server for the foreign wireless service provider. In step 3, the foreign registration sender accesses the HDD of foreign 

40 wireless sen/ice provider to learn the network to which the end system belongs. In step 4. the foreign registration server 
fonwards the end system's request to the home registration server of the end system's home wireless sen/ice provider 
In step 5. the home registration server accesses the FDD of the home registration sen/er to learn at least authentication 
information about the foreign sen/ice provider. In step 6, the home registration sen/er accesses the subscriber's direc- 
tory to learn detail subscriber service profile information (e.g., quality of service options subscribed to, etc.). In step 7, 

45 the home registratbn server notifies the foreign registratbo server of the acceiss response. In step 8, the foreign reg- 
istration sen/er fonwards to the foreign agent the access response. In step 9. the foreign agent notifies the end system 
(i.e.. mobile) of the registration reply. 

[0093] Protocol handling scenarios handle bearer data and the associated stacks for transporting bearer data to and 
from an end system. The protocol stacks for the cell architectures use local APs (FIG. 17) and remote APs (FIG. 18). 
50 [0094] FIG. 1 7 shows the protocol stacks for handling communications between an end system (in its.home network) 
and a home I WF for End System @ Home. FIG. 1 7 shows the protocol handling for a cell architecture where the access 
point and the wireless hub are co-located. 

[0095] FIG. 1 8 shows the protocol handling for a cell architecture where the access point is located remotely from 
the wireless hub. As shown, PPP terminates in the IWF and the configuration provides direct internet access. The 
55 configuration for the case where the PPP server Is separate from the IWF is described later. 

[0096] In FIG. 1 8, PPP frames from the end system are encapsulated in RLP (radio link protocol) frames which are 
encapsulated at the remote access point in MAC frames for communicating with the tarnkaccess point (i.e.. an access 
point physically located near the wireless hub), the remote access point being coupled to the access point by. for 
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example a wireless trunk). The access point functions as a MAC layer bridge and relays f rarties from the air link to 
theSn agent in the wireless hub. The foreign agent de-encapsulates the RLP frames out of the MAC frames and 
using the xfiinr^/prptocol, relays the RLP frames to the IWF. A similar, albeit reverse, process occurs for transmrtting 
frames from the IWF to the end system. , ^ ^ 

oS Tme end system moves to another foreign agent, then a new xlunnel will be automatically created between 
he new foreign agent and the IWF. so that PPP traffic continues to flow between them, without interruption. 
S in the remote AP cell arch» (FIG. 18) using wireless trunks between the remote AP and the trunk AP 
E link between the end system and the access point may operate at a deferent frequency (f 1 ) and use a different 

radio technology as compared to the frequency {f2) and radio technology of the trunk. , ^ , ^ , , , 

FIG ?9 shows L protocol stacks for a roaming end system. The sen/ing IWF uses of the /-xfunne/protocol 
between the sen/ing IWF and home IWF. The rest of the protocol stacks remain unchanged and are not shown. This 
architecture may be simplified by merging the sen/ing IWF into the base statbn, thus ^''^'"^l;"^ ^° P^J^l 
roiOOl The RLP layer uses sequence numbers to drop duplicate PPP datagrams and provide in-sequence delivery 
of PPP datagrams between the end system and the IWF. It also provides a configurable keep-a^^ve n»echan«m to 
montor link connectivity between the end system and the IWF. Addittonally. in an altematn/e embodiment, the RLP 
Zr a «, provkJes rinsmission and flow control sen^ices in order to reduce the overall bit error rate of the link 
betwin ttie end system and the.lWF. The RLP between the end system and the IWF Is started at the beginning of 
the session.and remains active throughout the session and even across hand-offs. 

10101] lncontrasttothespecificationlnthemobilelPRFC(RFC2003),IPinlPencapsulation.snotusedf^o^^^^^^ 
20 between the foreign agent and the home IWR Instead a new tunneling protocol, implemented on top o UPP is used. 
This tunneling protocol Is a simplified version of the L2TP protocol. The reasons for this choice are as follows. 

1. The encapsulation protocol specified in RFC 2003 does not provide flow control 1^;^^^^%^^!^''' 
packets The presently described network.may need these services in the tunnel over the backhaul. Flow control 

25 may be needed to reduce the amount of retransmissbns over the air linkbecause of packet loss due toflow control 

ptMems over the network between the base station and the MSC or because of flow control problems in the base 

Station or the IWF. 

2. By using a UDP based tunneling protocol, the implementation can be done at the user level and then put into 
30 the kernel for performance risasbns, after it has been debugged. 

3 Using RFC 2003, there is no easy way of creating tunnels taking into account quality of service and load bal- 
ancinq In order to take QOS into account, it should be possible to set up tunnels over links that already provide 
the required QOS. Secondly, using RFC 2003. there is no easy way to provide load balancing to distribute bearer 

35 traffic load over multiple links between the base station and the MSC. 

4 In order to implement IP in IP encapsulation as specified in RFC 2003. developers require access to IP source 
code, in commercial operating systems, source code for the TCP/IP stack is general^ P[°Pf ^^J^^^^^IJ 
ment manufacturers. Purchasing the TCP/IP stack from a vendor and making changes to h. 'P ^V^^^^ J"PPJJ 

40 mobile IP tunneling would require a developer to continue supporting a variant version of the TCP/IP stack. This 

adds cost and risk. 

[01021 While it is noted that the tunneling protocol between the base station and the IWF is non-standard and that 
he wireless sen^ice provider will not be able to mb( and match equipment from different vendors, the use of a non- 
standard tunneling protocol within a single wireless service provider network is transparent to end systems and equip- 

piMr'rhTnirtun'neling protocol is based on L2TR By itself. .L2TP is a heavyweight tunneling pMj^JhaX 
L2TP has a lot of overhead associated with tunnel creation and authentication. The new tunneling protocol of the 
present system has less overhead. The new xlunnel prototjol has the following features. 

1 The xfunne/creation adds vendor specific extensions to Radius Access Request and Radius Access Response 
messages between the base station and the registration sen/er. These extensions negotiate tunnel parameters 
and to create the tunnel. 

55 2 The registration sender is able to delegate the actual work of tunneling and relaying packets to a diffe^^nt IP 

address, and therefore, to a different sender in the MSC. This permits the registration sen/er to do bad balancing 
across multiple IWF servers and to provide different CXDS to various users 
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3 The xfunne/protocol supports in-band control messages for tunnel management. These messages include echo 
request/response to test tunnel connectivity, disconnect request/response/notify to disconnect the tunnel and error 
notify for error notifications. These messages are sent over the tunneling media, for example. UDP/IP. 

4. The xfunne/ protocol sends payload data over the tunneling media, for example. UDP/IP The xf ynne/ protocol 
supports flow control and in-sequence packet delivery. 

5. The xtunrT©/ protocol may be implemented over media other than UDP/IP for quality of sen/ice. 

[0104] The network supports direct inter net connectivity by terminating the PPP in the home IWF and routing IP 
packets from the IWF to the internet via a router using standard IP routing techniques. Preferably, the IWF runs Routing 
Information Process (BIP), and the router also runs RIP and possibly other routing protocols like Open Shortest Path 

First (OSPF). ^ . . 

[01 05] The network supports a first configuration for a wireless service provider who is also an internet sen/ice pro- 
vider. In this configuration, the home IWF in the MSG also functions as a PPP sen/er This IWF also runs internet 
routing protocols like RIP and uses a router to connect to the internet service provider's backbone network. 
[01 06] The network supports a second conf igu ration for a wireless service provider who wishes to allow end systems 
to connect to one or more internet sen^ice providers, either because the WSP itself is not ISPs, or because the WSP 
has agreements with other ISPs to provide access to end users. For example, a wireless sen^ice provider may elect 
to offer network access to an end user and may have an agreement with a 3^^ party ISP to allow the user who also 
has an account with the 3^^ party ISP to access the ISP from the WSP network. In this configuration, the PPP server 
does not run in the home IWF installed at the MSG. Instead, a tunneling protocol like L2TP (Layer Two Tunneling 
Protocol) is used to tunnel back to the ISP's PPP server. FIG. 10 shows the protocol stacks for this configuration for 
an end system that is at home. 

[01 07] The location of the home IWF and the ISP PPP server remains fixed throughout the PPP session. Also, the 
L2TP tunnel between the IWF and the ISP's PPP sen/er remains up throughout the PPP session. The physical link 
between the IWF and the PPP sen/er is via a router using a dedicated T1 or T3 or frame relay or ATM network. The 
actual nature of the physical link is not important from the point of view of the architecture. 

[0108] This configuration also supports Intranet access. For intranet access, the PPP sen/er resides in the corporate 
intranet and the home IWF uses L2TP to tunnel to it. 

[0109] For a fixed end system, the protocol handling for intranet or ISP access is as shown in FIG. 20 with the 
difference that the roaming end system uses a serving IWF toconnect to its home IWF The protocol handling between 
a sen/ing IWF and a home IWF has been described earlier. In Figure 20. the home IWF may be merged into the wireless 
hub eliminating the X-Tunnel protocol. Also, the sen/ing IWF may be merged into the wireless hub, thus eliminating 
the X-Tunnel protocol. 

[0110] FIG. 21 shows the protocol stacks used during the registration phase (end system registration) for a local AH 
cell architecture. The stack for a remote AP ceil architecture is very similar 

[0111] The scenario shown above is for a roaming end system. For an end system at home, there is no foreign 
registration server in the registration path. 

[0112] Note the mobility agent in the end system, tne mobility agent in the end system and foreign agent in the 
wireless hub are conceptually similar to the mobile IP RFG 2002. The mobility agent handles network errors using 
time-outs and re-trys. Unlike the known protocol stacks for bearer data. RLP is not used. The foreign agent and the 
registration servers use Radius over UDP/IP to communicate with each other for registering the end system. 
[0113] Several aspects of security must be considered. The first, authenticating the identities of the end system and 
the foreignAnome networks during the wireless registration phase. Second, authenticatingthe identity of the end system 
with its PPP sen/er during the PPP authentication phase. Third, authentication for storing accounting data, for billing 
and for updating home domain information. Fourth, encryption of bearer traffic transmitted to and from the end system. 
Fifth, encryption for exchanging billing information across sen/ice provider boundaries. 

[0114] Shared secrets are used to authenticate the identity of end systems with their home networks and the identity 
of the home and foreign networks with each other during wireless registration. 

[0115] End system authentication uses a 128-bft shared secret to create an authenticator for its registration request. 
The authenticator is created using the known MD5 message digest algorithm as described in the mobile IP RFG 2002. 
Alternatively, a different algorithm may be used. The shared secret is not sent in the registration request by the end 
system. Only the authenticator is sent. On receiving the registration request from the end system^ the home registration 
sen/er re-computes the authenticator over the registration request data using the shared secret, if the computed au- 
thenticator value matches the authenticator value sent by the end system, the home registration sen/er allovrc the 
registration process to proceed. If the values do not match, the home registration sen/er logs the event, generates a 
security vralation alamn and a nak (i.e.. a negative acknowledgment) to the request; 
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[0116] In the registration reply, the home registration server does the same - that is to say, uses the shared secret 
to create an authenticatprlpr the registration reply that it sends to the end system. Upon receiving the reply, the end 
system re-computes the authenticator using the shared secret. II the computed value does not match the authenticator 
value sent by the home registration server in the reply, the end system discards the reply and tries a^in. 

5 [0117] These network security concepts are similar to the concepts defined in mobile IP RFC 2002. According to the 
RFC, a mobility security association exist between each end system and its home network. Each mobility security 
association defines a collection of security contexts. Each security context defines an authentication algorithm, a mode, 
a secret (shared or public-private), style of replay protection and the type of encryption to use. In the context ol the 
present networK the end system's User-Name (in lieu oi the mobile IP home address) is used to identify the mobirrty 

10 security association between the end system and its home network. Another parameter, called the security parameter 
index (SPI), is used to select a security context within the mobility security association. In a basic embipdiment of the 
invention, only the default mobile IP authentication algorithm (keyed-MD5) arid the default mode :("p!refix+suffix") are 
supported with 128-bit shared secrets. Network users are allowed to define multiple shareid secrets with their home 
networks. The mechanism for creating security contexts for end users, assigning an SRI to each security context and 

IS for setting the contents of the security context (which includes the shared secret) and for modifying their contents are 
described below. During registratfon, a 128-bit message digest is computed by the end system in prefix + suffix mode 
using the Mb5 algorithm. The shared secret is used as the prefix and the suffix for the data to be protected in the 
registration request. The authenticator thus computed, along with the SPI and the User-Name are transmitted in the 
registration request by the end system. Upon receiiving the end system's registration request, the foreign registration 

20 sender relays the request along with the authenticator and the SPI, unchanged to the home registration sender. Upon 
receiving the registration request directly from the end system or indirectly via a foreign registration server, the home 
registration sen/er uses the SPI and the User-Name to select the security context. The home sender re-computes the 
authentrcator using the shared secret. If the computed authenticator value matches the value of the authenticator sent 
in the request by the end system, the user's identity will have been successfully authenticated. Otherwise, the home 

2S registration server naks (negatively acknowledges) the registration request sent by the end system. 

[01 1 8] The registration reply sent by the home registration server to the end system Is also authenticated using the 
algorithm described above. The SPI and the computed authenticator value is transmitted in the registration reply mes- 
sage by the home server to the end system. Upon receiving the reply, the end system re-computes the authenticator. 
and if the coriiputed value does not match the transmitted value, it will discard the rieply and retry. 

30 [0119] The user's end system has to be configured with the shared secret and SPIs for ail security contexts that the 
user shai-es with its registration server(s). This configuration information is preferably stored in a Win 95 registry for 
Windows 95 based end systems. During registration, this information is accessed and used for authentication purposes. 
[0120] In the network. Radius protocols are used by foreign agent FA to register the end system and to configure 
the x/ynne/ between the wireless hub and the home and serving IWFs on behalf of the end system. On receiving a 

35 registration request from the end system, the FA creates a Radius Access-Request packet, stores its own attributes 
into the packet, copies the end system's registration request attributes unchanged into this packet and sends the 
combined request to the registration sen/er in the MSG. 

[0121] Radius authentication requires that the Radius client (in this case, the FA in the base station) and the Radius 
sen/er (in this case, the registration server in the MSG) share a secret for authentication purposes. This shared secret 

40 is also used to encrypt any private information communicated between the Radius client and the Radius sen/er. The 
shared secret is a configurable parameter. The network follows the recommendations in the Radius RFC and uses the 
shared secret and the A/ID5 algorithm for authentication and for encryptton, where encryption is needed. The Radius- 
Access Request packet sent by the FA contains a Radius User-Name attribute (which is provided by the end system) 
and a Radius User-Password attribute. The value of the User-Password attribute is also a configurable value and 

4S encrypted in the way recommended by the Radius protocol. Other network specific attributes, which are non-standard 
attributes from the point of view of the Radius RFC standards, are encoded as vendor specific Radius attributes and 
sent in the Access-Request packet. 

[01 22] The following attributes are sent by the FA to its registration server in the Radius Access-Request packet. 

so 1. User-Name Attribute. This is the end system's user-name as supplied by the end system in its registration 

request. 

2. User-Password Attribute, This user password is supplied by the base station/wireless hub on behalf of the user. 
It is encoded as described in the Radius EFC using the secret shared between the base station and its registration 

ss server. 

3. NAS-Port. This is the port on the base station. 
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4. NAS'lR'Address. This is the IP address of the base station. 

5. Service-Type. This is framed service. 

s 6. Framed ProtocoL This is a PPP protocol. 

7. Xtunnel Protocol Parameters. These parameters are sent by the base station to specify the parameters neces- 
sary to set up the xfunne/ protocol on behalf of the end system. This is a vendor-specific attribute. 

10 8. AP'IP-Address, This is.the IP address of the AP through which the user is registering. This is a vendor-specific 

attribute. 

9. AP-MAC'Address. This is the MAC address of the AP through which the user is registering. This is a vendor- 
specific attribute. 

IS 

10. End system's Registration Request The registration request trom the end system is copied unchanged into 
this vendor specific attribute. 

[01 23] The following attributes are sent to the FA from the registration server in the Radius Access-Response packet. 

20 

1 . Service Type. This is a framed service. 

2. Framed'Protocol. This is a PPP. 

25 3. Xtunnel Protocol Parameters. These parameters are sent by the registration server to specify the parameters 

necessary to set up the xtunnel protocol on behalf of the end system. This is a vendor-specific attribute. 

4. Home Registration Server's Registration Reply This attribute is sent tothe FAfrbm the home registration sender. 
The FA relays this attribute unchanged to the end system in a registration reply packet. If there is a foreign regis- 
30 tration server in the path, this attribute is relayed by it to the FA unchanged. It is coded as a vendor -specific attribute. 

[0124] To provide service to roaming end systems, the foreign network and the home network are authenticated to 
each other for accounting and billing purposes using the Radius protocol for authentication and configuration. This 
authentication is performed at the time of end system registration. As described earlier, when the registration sen/er 
35 in the foreign network receives a registration request from an end system (encapsulated as a vendor specific attribute 
in a Radius-Access Request packet by the FA), it uses the end system's tJser-Name to determine the identity of the 
end system's home registration server by consulting its home domain directory HDD. The following information is stored 
in home domain directory HDD and accessed by the foreign registration server in order to forward the end system's 
registration request. 

40 

1. Home Registration Sen/er IP Address. Jh\& is the IP address of the home registration server to forward the 
registration request. 

2. Foreign Registration Server Machine Id. This is the niachine I D of the foreign registration server in SMTP (sim- 
45 pirfied mail transfer protocol) format {e.g.. machine @fqdn where machine is the name of the foreign registration 

sen/er machine and fqdn is the fully qualified domain name of the foreign registration sen/er's domain). 

3. Tunneling Protocol Parameters. These are parameters for configuring the tunnel between the serving I WF and 
the home IWF on behalf of the end system. These include the tunneling protocol to be used between them and 

50 the parameters for configuring the tunnel. 

4. Shared Secret This is the shared secret to be used for authentication between the foreign registratbn sender 
and the home registration sen/er. This secret is used for computing the Radius User-Password attribute in the 
Radius packetsent by the foreign registratk^n sen/er to the home registration sen/er It is defined between the two 

ss. wireless service providers. 

5. User-Password. This is the user password to be used on behalf of the roaming end system. This user password 
is defined between the two wireless sen/ice providers. This password is encrypted using the shared secret as 
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described in the Radius RFC, 

6. Accounting Parameters. These are parameters for configuring accounting on behalf of the end system that is 
registering. These parameters are sent by the registratbn server to its IWF for configuring accounting on behalf 
5 of the end system. 

[0125] Using this information, the foreign registration server creates a Radius Access-Request, adds its own regis- 
tration and authentication information into the Radius Access-Request, copies the registration information sent by the 
end system unchanged into the Radius Access-Request and sends the combined request to the home registration 
w server 

[0126] Upon receiving the Radius-Access Request from the foreign registration server (for a roaming end system) 
or directly from the FA (for an end system at home), the home registration sen/er consults its own directory server for 
the shared secrets to verify the identity of the end system and the identity of the foreign registration server in a roaming 
scenario by re-computing authenticators. 
15 [0127] After processing the request successfully, the horhe registration server creates a Radius Access-Accept rer- 
sponse packet and sends it to the foreign registration server if the end system is roaming, or directly to the FA from 
which it received the Radius Access-Request. The iresponse contains the registration reply attribute that the FA relays 
to the end system. 

[01 28] tf the request can not be processed successfully, the home registration sen/er creates a Radius Access-Reject 
20 response packet and sends it to the foreign registration server if the end system is roaming, or directly to the FA from 
which it received the Radius Access-Request. The response contains the registration reply attribute that the FA will 
relays to the end system. 

[0129] In a roaming scenario, the response from the home registration server is received by the foreign registration 
server. It is authenticated by the foreign registration server using the shared secret. After authenticating, the foreign 
25 registration server processes the response, and in turn, it generaleis a Radius response packet (Accept or Reject) to 
send to the FA. The foreign registration server copies the registration reply attribute from the home registration server's 
Radius response packet, unchanged, into its Radius response packet. 

[0130] When the FA receives the Radius Access-Response or Radius Access-Reject response packet, it creates a 
registration reply packet using the registration reply attributes from the Radius response, and sends the reply to the 

30 end system, thus completing the round trip registration sequence. 

[0131] Mobile IP standards specifies that replay protection for registrations are implemented using time stamps, or 
optionally, using nonces. However, since replay protection using time. stamps requires adequately synchronized time- 
of-day clocks between the corresponding nodes, the present system implements replay protection during registration 
using nonces even though ireplay protection using time stamps is mandatory in the Mobile IP standards and the use 

35 nonces is optional. However, replay protection using time stamps as an alternative embodiment is envisioned. 

[0132] The style of replay protection used between nodes is stored in the security context in addition to the authen- 
tication context, mode, secret and type of encryption. 

[0133] The network supports the use of PPP PAP (password authenticatbn) and CHAP (challenge authenticated 
password) between the end system and its PPP server. This is done independently of the registration and authentication 

40 mechanisms described earlier This allows a private intranet or an ISP to independently verify thiB identity of the user 
[0134] Authentication for accounting and directory services is described below with respect to accounting security. 
Access to directory servers Uorn network equipment in the same MSC need not be authenticated. 
[01 35] The network supports encryption of bearer data sent between the end system and the home IWF. End systems 
negotiate encryption to be on or off by selecting the appropriate security context. Upon receiving the registration request. 

45 the home registration server grants the end system's request for encryption based upon the security context In addition 
to storing the authentication algorithm, mode, shared secret and style of replay protection, the security context is also 
used to specify the style of encryption algorithm to use. If encryption is negotiated between the end system and the 
home agent, then the complete PPP frame is so encrypted before encapsulation in RLP 

[01 36] The TWF, the accounting server and the billing system are part of the same trusted domain in the MSG. These 
50 entities are either connected on the same LAN or part of a trusted intranet owned and operated by the wireless service 
provider Transfer of accounting statistics between the IWF and the accounting sen/er and between the accounting 
server and the customer's billing system may be encrypted using Internet IP security protocols like tPrSec. 
[01 37] The network makes it more difficult to monitor the location of the end system because it appears that all PPP 
frames going to and from the end system go through the home IWF regardless of the actual locatkm of the end system 
55 device. 

[01 38] Accounting data is collected by the sennng IWF and the home IWF in the network. Accounting data collected 
by the serving IWF is sent to an accounting sen/er in the sen/ing IWFs MSC. Accounting data collected by the home 
IWF is sent to an accounting server in the home IWF's MSG. The accounting data collected by the sen/ing IWF is used 
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by the toreign wireless service provider for auditing and tor settlement of bills across wireless service provider bound- 
aries (to support roaming and mobility). Tbe accounting data collected by the home IWF is used for billing the end user 
and also for settlement across wireless service provider boundaries to handle roaming and mobility 
[0139] Since all data traffic flows through the home IWF, regardless of the end system's location and the foreign 
5 agent's location, the home I WF has all the information to generate bills for the customer and also settlement information 
for the use of forelgn.networks, 

[0140] The sending IWF and the home IWF preferably use the Radius accounting protocol for sending accounting 
records for registered end systems, the Radius accounting protocol is as documented in a draft IETF RFC. For the 
present invention, the protocol has to be extended by adding vendor specific attributes for the network and by adding 
10 check-pointing to the Radius Accounting protocol. Check-pointing in this context refers to the periodic updating of 
accounting data to minimize risk of loss of accounting records. 

[0141] The Radius accounting protocol runs over UDP/IP and uses re-trys based on acknowledgment and timie outs. 
The Radius accounting client (serving IWFs or home IWFs) send UDP accounting request packets to their accounting 
servers which send acknowledgments back to the accounting clients. 

ts [iDl42] In the network, the accounting clients (sen/ing IWF and the home IWF) emit an accounting start indication at 
the start of the user's session and an accounting stop indication at the end of the user's session. In the middle of the 
session, the accounting clients emit accounting checkpoint indications. In contrast, the Radius accounting RFC does 
not specify an accounting checkpoint indication. The software of the present system creates a vendor specific account- 
ing attribute for this purpose. This accounting attribute is present in all Radius Accounting-Request packets which have 

20 Acct-Status-Type of Start (accounting start indications). The value of this attribute is used to convey to the accounting 
server whether the accounting record is a check-pointing record or not. Check-pointing accounting reports have a time 
attribute and contain cumulative accounting data from the start of the session. The frequency of transmitting check- 
point packets is configurable in the present invention, 

[0143] The sending IWF and the home IWF are configured by their respective registration senders for connecting to 
25 their accounting servers during the registration phase. The configurable accounting parameters include the IP addre^ 
and UDP port of the accounting server, the frequency of check-pointing, the session/multi-session id and the shared 
secret to be used between the accounting client and the accounting server. 

[0144] The network records the following accounting attributes for each registered end system. These accounting 
attributes are reported in Radius accounting packets at the start of the session, at the end of the session and in the 
so middle (check-point) by accounting clients to their accounting sen/ers. 

1. User Name. This Is like the Radius User-Name attribute discussed above. This attribute is used to identify the 
user and is present in all accounting reports. The format is "user ©domain" where domain is the fully qualified 
domain name of the user*s home. 

35 

2. NAS IP Address. This is like the Radius N AS -IP- Address attribute discussed above. This attribute is used to 
identify the IP address of the machine running the home IWF or the sen/ing tWR 

a Radio Port. This attribute identifies the radio port on the access point providing service to the user. This attribute 
40 is encoded as a vendor specific attribute. 

4. Access Point IP Address. This attribute identifies the IP address of the access point providing sen/ice to the 
user This attribute is encoded as a vendor specific attribute, 

45 6. Service Type. This is like the Radius Sen/ice-Type attribute described above. The value of this attribute is 

Framed. 

6. Framed Protocol, this is like the Radius Framed-Protocol attribute described above, the value of this attribute 
is set to indicate PPP 

50 

7. Accounting Status Type. This is like the Radius Acct-Status-Type attribute described above. The value of this 
attribute may be Start to mark thie start of a user's session with the Radius client and Stop to mark the end of the 
user's session with the Radius client. For accounting clients, the Acct-Status-Type/iStart attribute is generated 
when the end system registers. The Acct-Status-type/Stop attribute is generated when the end system de-registers 

55 for any reason. For checkpoints, the value of this attribute is also Start and the Accounting Checkpoint attribute is 

also present. 

8. Accounting Session Id. This is like the Radius Acct-Session-ld described above. In a roaming scenario, this 
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session id is assigned by the foreign registration server vrtien the end system issues a registration request. It is 
c^ZicrdtohehoLregistrationLn^erbytheforeignregist^^^^^ 

T?e home network and the foreign network both know the Acct.Sess.on-ld attnbute and are able to emrt this 
attributewhilesendingaccountingrecordstotheirrespecth^eaccountingsen/ersJna-endsystem^^^^^^^ 
nario. this attribute is generated by the home registration sender. The reg.strat.on server communK:ates the value 
of this attribute to the IWF which emits it in all accounting records. 

9 Aocounting Multi-Session /d This is like the Radius Acct-Multi-Session-ld discussed above. This id is assigned 
bySom^egistrationsen^erwhenar^^^^^^^^ ' 
server on behalf of an end system. It is communicated to the foreign registration server by the home [eg » 

fn the registration replUessage. The registratk^ server(s^ 
IWF(s) which emit it in all accounting records. 

r01451 With true mobility added to the arehitecture. the id is used to relate together the accounting records from 
SSnt IWFs or the sarne end system if the end system moves from one IWF to another. For hand-ofis across IWF 
SuSlrtSe icct-Se^^^^ accounting records emanating from different IWFs^However. the Acc^ 

SJeLsion-ldattributeisthesameforacc«untingreco,.isem^edbyal.lWFsth^^^^^^ 

Since the session ki and the multi-session id are known to both the foreign network and the home network they are 
aSe to em t t^^^^^^ attributes in accounting reports to their respective accounting servers. With the session .d and ttie 
muftiiS id. billing systems are able to correlate accounting records across IWF boundaries in the same wreless 
sen/ice provider and even across wireless sewice provider boundanes. 

1. Accounting Delay Time. See Radius Acot-Delay-Time attribute. 

2 Accounting Input Octets. See Radius Acct-lnpuf.Octets. This attribute is used to keep track of the number of 
ite^ent by the end system (input to the network from the end system). This count is used to track the PPP 
frames only. The air link overhead, or any overhead imposed by RLP. etc. is not counted. 

3 Accounting Output Octets. See Radius Acct-Output-Octets. This attribute is used to keep track of the numtor 
of oSrsSto me end system (output from the network to the e 

frames only. The air link overhead, or any overhead imposed by RLP. etc. and is not counted. 

4 Accounting Authentic See Radius Acct-Authentic attribute. The value of this attribute is Local or Remote de- 
pending on whether the serving IWF or the home IWF generates the accounting record. 

5 Accounting Session Vme. See Radius Acct-Session-Time attribute. This attribute indfcates the an^ount of time 
Lt^ useThas been receiving sen/ice. If sent by the sending IWF. this attribute tracks the amount of time tha 
ruserhrslTenreceivingsen^cefromthatsen/inglWRIfsentbythehome^^^^ 

of time that the user has been receiving service from the home IWF 

6 Accounting Input Packets. See Radius Acct-lnput-Packets attribute. This attribute indicates the numberof pack- 
L r^eSrom the end system. For a.sen,ing IWF. this attribute tracks the number of PPP fra^^ 
JrvinjS from an end system. For a home IWF, thfe attribute tracks th. number of PPP frames input into the 

home IWF from an end system. 

7 Accounting Output Packets. See Radius AcctOutput-Packets attribute. This attribute indicates the number of 
oackTsSo the end system. For a sen/ing IWF. this attribute tracks the number of PPP frames outpu by the 
seS lv5J to the end system. For a home IWF thte attribute tracks the number of PPP frames sent to the end 
system from the home IWF. 

8 Accounting Terminate Cause. See Radius Acct-Temiinate-Cause attribute. This attribute indicates the reason 
!*,y^^ Sslrw^fterminated. in a^^^^^ 

This attribute is onjy present in accounting reports at the end of the session. 

9. Network Accounting Terminate Cause. This attribute indicates a detailed reason 

specific attribute is encoded as a vendor specific attribute and is on^ reported in a Radius Accounjnj f r^^^^^^^ 
the end of session. The standard Radius attribute Acct-Terminate-Cause is also present. This attribute provries 
specific cause codes, not covered by the Acct-Terminate-Cause attribute. 
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10. Network Air link Access Protocol, this attribute indicates the air link access protocol used by the end system. 
This attribute is encoded as a vendor specific attribute. 

11 . Network Backhaul Access Protocol. This attribute indicates the backhaul access protocol used by the access 
5 point to ferry data to and from the end system. This attribute is encoded as a vendor specific attribute. 

12. Network Agent Machine Narhe. This attribute is the fully qualified domain name of the machine running the 
home IWF or the serving tWF. This specific attribute is encoded in vendor specific format. 

10 1 3. Network Accounting Check-point. Since the Radius accounting RFC does not define a check-point packet, the 

present network embodiment uses a Radius accounting start packet with this attribute to mark a check-point. The 
absence of a check-point attribute means a conventional accounting start packet. The presence of this attribute 
in a accounting start packet means a accounting check-point packet. Accounting stop packets do not have this 
attribute. 

15 

[0146] In the preferred embodiment, every iaccounting packet and the corresponding reply must be authenticated 
using MDS and a shared secret The IWFs are configured with a shared secret that are used by them for authentication 
during communication with their Radius accounting server. The shared secrets used by the IWFs for communicating 
with accounting servers are stored in the home/foreign domain directory located in the MSG. The shared secrets for 
20 accounting security are communicated to the IWFs by their registration servers during the end system registration 
sequence. 

[0147] The accounting server software runs in a computer located in the MSG. The role of the accounting server in 
the system is to collect raw accounting data from the network elements (the home and the sending IWFs), process the 
data and store it for transfer to the wireless service provider's billing system. The accounting sen/er does not Include 

25 a billing system. Instead, it Includes support for an automatic or manual accounting data transfer mechanism. Using 
the automatic accounting data transfer mechanism, the accounting sen/er transfers accounting records in Af^A billing 
format to the customer's billing system over a TCP/IP transport. For this purpose, the system defines AMA billing record 
formats for packet data. Using the manual transfer mechanism, customers are able to build a tape to transfer accounting 
records to their billing system. I n order to build the tape to their specifications, customers are provided with information 

30 to access accounting records so that they may process them before writing them to tape, 

[0148] In FIG, 22, the raw accounting data received by the accounting server from the home or serving IWFs are 
processed and stored by the accounting server The processing done by the accounting server includes filtering, com- 
pression and correlation of the raw accounting data received from the IWF. A high availability file server using dual 
active/standby processors and hot swappable RAID disks is used for buff ering the accounting data while it Is transiting 

3S through the accounting isen/er. 

[0149] The accounting server delays processing of the raw accounting data until an end system has terminated its 
session. When an end system terminates its sessbn, the accounting server processes the raw accounting data that 
It has collected for the session and stores an accounting summary record in a SQL database. The accounting summary 
record stored in the SQL data base points to an ASN.1 encoded file. This file contains detailed accounting information 

40 about the end system's session. The data stored in the accounting server is then transfisrred by the billing data transfer 
agent to the customer's billing system. Alternatively, the wireless service provider may transfer the accounting data 
from the SQL database and/or the ASN. 1 encoded file to the billing system via a tape. The data base scheme and 
the format of the ASN. 1 encoded file are documented and nriade available to customers for this purpose. If the volume 
of processed accounting data stored in the accounting system exceeds a high water mark, the accounting sen/er 

45 generates an NMS alarm. This alarm is cleared when the volume of data stored in the accounting sen/er falls below a 
low water mark. The high and low water marks for generating and clearing the alarm are configurable. The accounting 
server ailso generates an NMS alarm if the age of the stored accounting data exceeds a configurable threshold. Con- 
versely, the alarm is cleared, when the age of the accounting data falls below the threshold. 

[0150] The subscriber directory is used to store information about subscribers and is located in the home network. 
50 The home registratk>n server consults this directory during the registration phase to authenticate and register an end 
system. For each subiscriber, the subscriber directory stores the following infomnation. 

1. User-Name. This field In the subscriber record will be in SMTP fomnat (e.g., user@fqdn) where the i/ser sub- 
field will identify the subscriber in his or her wireless home domain and the fqdn subfield will identify the wireless 
55 home domain of the sutjscriber. This field is sent by the end system in its registration request during the registration 

phase. This field is assigned by the wireless service provider to the subscriber at the time of subscription to the 
network service. This field is different than the user name field used in PPP 
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2. Mobility Security Association. This field in the subscriber record contains the mobility security association be- 
tween the subscriber and his or her home network. As described above, a nnobility security association exists 
between each subscriber and its home registration server The mobility security association defines a collection 
of security contexts. Each security context defines an authentication algorithm, an authentication mode, a shared 

5 secret, style of replay protection and the type of encryption (including no encryption) to use between the end system 

and its home server. During registration, the home registration server retrieves information about the subscriber's 
security context from the subscriber directory using the aser-Nameand the security pammeter index (SPI) supplied 
by the end system in its registration request The information in the security context is used for enforcing authen- 
tication, encryption and replay protection during the session. The mobility security association is created by the 

10 wireless service provider at the time of subscription. It is up to the wireless sen/ice provider to permit the subscriber 

to modify this association either by calling up a customer service representative or by letting subscribers access 
to a secure Web site. The Web site software will export web pages which the wireless service provider may make 
accessible to subscribers from a secure web server. In this way, subscribers are able to view/modify the contents 
of the mobility security association in addition to other subscriber information that the sen/ice provider may make 

15 accessible. 

3. Modem MAC Address. This field contains the MAC address of the modem owned by the subscriber. In addition 
to the shared secret, this field is used during registration to authenticate the user It is possible to turn off WiJKC 
address based authentication on a per user basis. The MAC addre^ is communicated to the home registration 

20 server during registration. 

4. Enable MAC Address Authentication. This field is used to determine if MAC address based authentication is 
enabledor disabiedW enabled, the home registration server checks the MAC address of the registering end system 
against this field to validate the end system's identity. If disabled, then no checking is done. 

25 

5. Roaming Enabled Flag. If this field is set to enabled, then the end system is allowed to roam to foreign networks. 
If this field is disabled, then the end system is not permitted to roam to foreign networks. 

6. Roaming Domain List, This field is meaningful only if the Roaming Enabled Flag is set to enabled. This field 
30 contains a list of foreign domains that the end system is allowed to roam to. When the contents of this list is null 

and the Roaming Enabled Flag is set to enabled, the end system is allowed to roam freely. 

7. Sen/ice Enable/Disable Flag, This field may be set to disabled by the system administrator to disable service 
to a subscriber. If this field is disabled, then the subscriber is permitted to register for service. If the subscriber is 

35 registered and the value of this field is set todisabled. then the subscriber's end system is immediately disconnected 

by the network. 

8. Internet Sen/ice Provider Association. This field contains information about the subscriber's internet sen/ice 
provider. This information is used by the 1 WF during the PPP registration phase to perform authentication with the 

40 internet sen^ice provider on behalf of the end system and also to create a L2TP tunnel between the IWF and the 

internet service provider's PPP server. This field contains the identity of the subscriber's ISP. the IWF uses this 
information to access the ISP directory for perfomnlng authentication and setting up the 1-2TP tunnel on behalf of 
the end system. 

45 9. Subscriber's Name&. Address Information. This field contains the subscriber's name, address, phone, fax. e- 

mail address, etc, 

[0151] The home domain directory (HDD) is used by the registration server to retrieve parameters about the end 
system to complete registratbn on behalf of the end system. Using this infomnation, the registration sender determines 

so if the end system is registering at home or K the end system is a roaming end system. In the former case, the registration 
server assumes the role of a home registration server and proceed with end system registration. In the latter case, the 
registration server assumes the role of a foreign registration server and, acting as a Radius proxy, it fonwards the 
request to the real home registration server whose identity it gets from this directory. For roaming end system, the 
parameters stored in the HDD include the I P address of the home registratwn server, the home-foreign shared secret, 

55 the home-serving tWF tunnel configuration etc. the HDD is located in the MSG. 
[0152] The following information Is stored in the HDD. 

1 . Home Domain Name. This field is used as the key to search the HDD for an entry that matches the fully qualified 
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home domain name provided by the end system in its registration request. 

2. Proxy Registration Request, this field is used by the registration server to determine if it should act as a foreign 
registration server and proxy the end system's registration request to the real home registration server. 

5 

3. Home Registration Server DNS Name. If the proxy registration requestf\ag is TRUE, this field is used to access 
the DNS name of the real home registration server. Othenwise, this field is ignored. The DNS name is translated 
to an IP address by the foreign registration server. The foreign registration server uses the IP address to relay the 
end system's registration request. 

10 

4. Foreign Domain Name. If the proxy registration request ^\ag is TRUE, this field is used to identify the foreign 
domain name to the end system's home registration server Otherwise, this field is ignored. The foreign registration 
server uses this information to create the foreign server machine id in SMTP format, for example, machine @fqd a 
This machine id is sent to the home registration server by the foreign registration server in the Radius-Access 

is Request. 

5. Shared Secret. If the proxy registration requestilag is TRUE, the shared secret is used between the foreign and 
home registration sen/ers to authenticate their identity with each other Otherwise this field is ignored. 

20 6. Tunneling Protocol Parameters. This field is used to store parameters to conf igu re the tunnels to provide sen^ice 

to the end system, for an end system at home, this includes information on tunnel parameters between the base 
station and the home IWF and from the home IWF to the PPP server For a roaming end system, this includes 
tunneling parameters from the base station to the serving iWF and from the sending IWF to the home IWF At a 
minimum, for each tunnel, this field contains the type of tunneling protocol to use and any tunneling protocol specific 

25 parameters. For example, this field may contain the identifier for the tunneling protocol L2TP and any additional 

parameters required to configure the L2TP tunnel between the IWF and its peer 

7. Accounting Server Association. This field is used to store infonnation needed by the IWF to generate accounting 
data on behalf of the end system. It contains the name of the accounting protocol (e.g. RADIUS), the DNS name 
30 of the . accounting sender and additional parameters specific to the accounting protocol like the UDP port number^ 

the shared secret that the IWF must use in the Radius Accounting protocol, the frequency of check-pointing, the 
seed for creating the session/mutti-session id. etc. The accounting server^s DNS name is translated to the account- 
ing server's IP address, which is sent to the IWF 

35 [0153] For wireless sen^ice providers that have roaming agreerrients with each other, the HDD is used for authenti- 
cation and to complete the registration process. If an end system roams from its home network to a foreign network, 
the foreign registration server in that network consults the HDD in its MSG to get information about the visiting end 
system's home registration and to authenticate the home network before it provides service to the visiting end system. 
[0154] The software for home domain directory management preferably provides a graphical user interface (GUI) 

40 based HDD management interface for system administrators. Using this GUI. system administrators are able to view 
and update entries in the HDD. This GUI Is not intended for use by foreign wireless network sen/ice providers to perform 
remote updates based on roaming agreements. It is only Intended for use by tnjsted personnel of the home wireless 
service provider operating behind fire walls. 

[0155] the foreign domain directory (FDD) provides functionality that is the reverse of the home domain directory. 
45 The FDD is used by the home registration server to retrieve parameters about the foreign registration sender and the 

foreign network in order to authenticate the foreign network and create a tunnel between a sen/ing IWF and a home 

IWF These parameters include the home-foreign shared secret, the home IWF-serving IWF tunnel configuration, etc. 

The FDD is preferably located in the home registration server's MSG. The FDD is used by home registration servers 

for registering roaming end systems. 
so [0156] The following information will be stored in the FDD. 

t . Foreign Domain Name. This field is used as the key to search the FDD for an entry that niatches the fully qualified 
domain name ot the foreign registration server relaying the registration request. 

55 2. Shared Secret. This is the shared secret used between the foreign and home registration servers to authenticate 

their identity mutually with each other 

3. Home IWF-Sen/ing IWF Tunneling Protocol Parameters. This field is used to store parameters to configure the 
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tunnel between the home I WF and the sen/ing iWF. At a minimum, this field contains the type of tunneling protocol 
to use and any tunneling protocol specific parameters. For example, this field may contain the identifier for the 
tunneling protocol L2TP and any additional parameters required to configure the L2TP tunnel between the serving 
IWF and the home IWF 

5 

4. Accounting Server Association. This field Is used to store information needed by the home IWF to generate 
accounting data on behalf of the end system. It contains the name of the accounting protocol (e.g. RADIUS), the 
DNS name of the accounting sen/er and additional parameters specific to the accounting protocol like the UDP 
port number, the shared secret that the IWF must use in the Radius Accounting protocol, the frequency qf check- 
10 pointing, the seed for creating the session/multi-session id. etc. The accounting server's DNS name is translated 

to the accounting server's IP address, which is sent to the foreign agent. 

[01 j57] For wireless sen/ice providers that have roaming agreements with each other, the FDD is used to do authen- 
tication and complete the registration process. If an end system roams from its home network to a foreign network, the 
15 registration server in the home network consults the FDD in its MSG to get information and authenticate the foreign 
network providing service to the end system. 

[0158] The foreign domain directory management software provides a graphical user interface (GUI) based FDD 
management interface for system administrators. Using this GUI, system administrators are able to view and update 
entries in the FDD. This GUI is not intended for use by foreign wireless network service providers to perform remote 
20 updates based on roaming agreements. It is only intended for use by trusted personnel of the home wireless service 
provider operating behind firewalls. 

[0159] The internet sen/ice provider directory (ISPD) is used by the home IWF to manage connectivity with ISPs that 
have service agreements with the wireless service provider so that subscribers may access their ISPs using the net- 
work- For each subscriber, the subscriber directory has an entry for the subscriber's ISP. This field points to an entry 
25 in the ISPD. The home IWF uses this information to set up the connection to the ISP on behalf of the subscriber 

[0160] The network architecture supports roaming. In order for roaming to work between v/ireless service providers, 
the architecture must support the setting up of roaming agreements between wireless sen^ice providers. This implies 
two things: (1 ) updating system directories across wireless service providers and (2) settlement of bills between service 
providers. 

30 [0161] In order to allow subscribers access to internet sen/ice providers, the architecture supports roaming agree- 
ments with internet service providers. This implies that the architecture must be able to send data to and receive data 
from ISP PPP servers (i.e., that support industry standard protocols like PPR L2TP and Radius). It also implies that 
the architecture handles directory updates for ISP access and settlement of bills with ISPs. 

[0162] When roaming agreements are established between two wireless service providers, both provkJers have to 
35 update their home and foreign domain directories in order to support authentication and registration functions for end 
systems visiting their networks from the other network. At a minimum, the architecture of the present embodiment 
supports manual directory updates. When a roaming agreement is established between two wireless service providers, 
then the two parties to the agreement exchange information for populating their home and foreign domain directories. 
The actual updates of the directories is done manually by the personnel of the respective sen/ice providers. If later, 
40 the information in the home and foreign domain directories needs to be updated, the two parties to the agreement 
exchange the updated information and then manually apply their updates to the directories. 
[0163] In an alternative embodiment, the directory management software incorporates developing standards in the 
IETF to enable roaming between intemet sen/ice providers and to enable ISPs to automatically manage and discover 
roaming relationships. This makes manual directory management no tonger necessary. The network system automat- 
es ically propagates roaming relationships, and discovers them, to authenticate and register visiting end systems. 

[0164] At a minimum, the network architecture just processes and stores the accounting data and makeis the data 
available to the wireless service provider's billing system. It is up to the billing system to handle settlement of bills for 
roaming. 

[01 65] In an alternative embodiment, developing standards in the IETF to handle distribution of accounting records 
50 between inter net service providers are incorporated into the network architecture to enable ISPs to do billing settlement 
for roaming end systems. 

[0166] The system software supports access to ISPs and private intranets by supporting L5TP between the home 
IWF and the ISPs or intranet PPP server The intemet service provider directory contains information useful to the IWF 
for creating these tunnels. As access agreements between the wireless service provider and internet service providers 
55 are put in place, this directory is updated manually by the wireless service provider's personnel. Automatic updates 
and discovery of access relationships between the wireless sen^ice provider and internet service providers are presently 
contemplated and implemented as the intemet standards evolve. While accessing an internet service provider, the 
subscriber receives two bills - one from the wireless service provider for the use of the wireless network and the.second 
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from the inter net service provider. Although common billing that combines both types of charges Is not handled by the 
minimum embodiment software, it is contemplated that the software will take advantage of internet standards for billing 
settlement as they evolve so that subscribers may receive a common bill based on roaming agreements between the 
ISP and wireless service providers. 

5 [0167] The system includes a element management system for managing the network elements. From the element 
manager, system administrators perform configuration, performance and fault/alarm management functions. The ele- 
ment management applications run on top of a web browser. Using a web browser, system administrators manage the 
network from any where that they have TCP/IP access. The element manager also performs an agent role for a higher 
level manager. In this role it exports an SHMP MIB for alarm and fault nnbnitoring. 

to [0168] A higher level SNMP manager is notified of alarm conditions via SNMP traps. The higher level SNMP manager 
periodically polls the element manager?s MIB for the health and status of the network. S^tem management personnel 
at the higher level manager are able to view an icon representation of the network and its current alarm state. By 
pointing and clicking on the network element icon, systems management personnel execute element management 
applications using a web browser and perform more detailed management f unctioris. 

15 [0169] Inside the network, management of the physical and logical network eleinents Is performed using a combi- 
nation of the SNMP protocol and internal management application programming interfaces. Applications in the element 
manager use SNMP or other management APIs to perform network management functions, 
[0170] Architecturally, the element management system includes two distinct sets of functional elements. The first 
set of functional elements, including the configuration data sender, performance data monitor and health/status monitor 

20 and network element recovery software, executes on an HA server equipped with RAID disks. The second set of 
functional elements, including the management applications, executes on a dedicated, non-H A management system. 
Even if the element manager system becomes non-operational, the network elements continue to be able to run and 
report alamns and even be able to recover from fault conditions. However, since all the management applications 
execute in the non-HA element manager, if the element manager goes down, then recovery actions requiring human 

25 intervention are not possible until the element manager becomes operational. 

[0171] The wireless hubs (WHs) in the base stations are typically owned by a wireless service provider (WSP), and 
they are connected to the WSP's registration server (RS) either via point-to-point links, intranets or the Internet. The 
WSP's registration server is typieally a software module executing on a processor to perform certain registration func- 
tions, tnter-wprking function units (IWF units) are typically software modules executing on a processor to perfomn 

30 certain interfacing functions. IWF units are typically connected to the registration servers via intranetsA/VAN. and the 
IWF units are typically owned by the WSR However, the IWF units need not be located within the same LAN as the 
registration servers. Typically, accounting and dii-eclory servers (also software modules executing on a processor) are 
connected to the registration servers via a LAN in the service provider's Data Center (e.g., a center including one or 
more processors that hosts various servers and other software modules). Traffic from the end system is then routed 

35 via a routiBr (connected to the LAN) to the public Internet or to an ISP's intranet. The registration server located in a 
foreign WSP's network is referred to as the foreign registration server (FRS), and the registration server located in the 
end system's home network (where the mobile purchases its sen/ice) is referred to as the home registration server 
(HRS). The inter-working function unit in the home network is referred to as the home IWF while the inter-vyorking 
function unit in the foreign network (i^e., the network the end system is visiting) is referred to as the serving IWF 

40 [0172] For fixed wireless service (i.e., a non-moving end system), an end system may register for service on the 
home network from the home network (e.g.. at home service) or from a foreign network (e.g., roaming service). The 
end system receives an advertisement sent by an agent (e.g. ^ an agent function implemented in software) in the wireless 
hub via the access point. There are both MAC-layer registration as well as network-layer registration to be accom- 
plished. These may be combined together for efficiency. 

45 [0173] For end systems at home (FIG. 23), the network layer registration (like a local registration) make's known to 
the home registration server the wireless hub to which the end system is currently attached. An IWF in the end system's 
home network will become the anchor or home IWF Thus, PPP frames to and from the end system travel via the 
wireless hub to the home IWF in the home network. If the end systenn is at home, the home IWF is connected to the 
wireless hub via an XTunnel protocol. 

50 [0174] Por roaming wireless service (FIG. 24), the foreign registration server determines the identity of the home 
network of the roaming end system during the registratbn phase. Using this infomr\ation. the foreign registration server 
communicates with the home registration sen/er to authenticate and register the end system. The foreign registration 
server then assigns a serving IWF, and an l-XTunnel protocol connection is established between the home IWF and 
the serving IWF for the roaming end system. The serving IWF relays frames between the wireless hub and the home 

55 IWF. From the home IWR data is sent to a PPP sen/er (i.e.. point-to-point protocol server) which nnay reside in the 
same I WF. However, if the data is to go to a corporate intranet or an ISP's intranet that has its own PPP server, the 
data is sent to the separate PPP sen/er via the L2TP protocol. The separate sen/er is typrcally owned and operated 
by an Internet service provider who is different from the wireless service provider. For the duration of the session, the 
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10 



locations of the home I WF and PPP server remain fixed. The MAC layer registration can be combined with the network 
registration to economize on the overhead of separate communications for MAC layer and network layer registration; 
however, it may be advantageous to not combine these registration processes so that the WSP's equipment wilt be 
interoperable with other wireless networks that supports pure IETF Mobiie-IP 

[01751 Registration sets up three tables. Table 1 is associated with each access point, and Table 1 identtfies each 
connection fe g . each end system) by a connection id (CIQ) and associates the connection id with a particular wireless 
(WM) modem address (i.e.. the address of the end system or end system). Table 2 is associated with each wireless 
hub (WH) and Table 2 associates each connection id with a corresponding wireless modem address, access point 
and XTunnel id (XID). table 3 is associated with each inter-working function (IWF). and Table 3 associates each con- 
nection id with a corresponding wireless modem address, wireless hub address. XTunnel id and IP port (IP/port). The 
entries described for these tables are described to include only relevant entries that support the discussion of mobility 
management. In reality, there are other important fields that heed to be Included as well. 
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Connection Table at WH 
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Connection table at IWF 
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WM 
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XID 


IP/Port 
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WM1 


WH1 
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1P1/P1 


02 


WM1 


WH1 
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IP1/P2 


C1 


WM2 


WH1 
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IP2/P3 


CI 


WM3 


WH1 
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IP3/P1 


C5 


WM5 


WH2 
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IP4/P1 



[0176] The protocol stacks for dial-up users at home in a networit as well as roaming users are illustrated in FIGS. 
25-28 FIG 25 depicts protocol stacks used for direct internet access by a fixed (i.e.. non-moving) end system at home 
where a PPP protocol message terminates in the home IWF (typically collocated with the wireless hub) which relays 
message to andirom an IP router and from there to the public internet. FIG. 26 depicts protocol stacks used for remote 
intranet access (i.e., either private corporate nets or an ISP) by a fixed (i.e.. non-moving) end system at home where 
a PPP protocol message is relayed through the home IWF (typically collocated with the wireless hub) to a PPP server 
of the private corporate intranet or ISP. FIG. 27 depicts protocol stacks used for direct internet access by a roaming 
but fixed (i.e.. non-moving) or a rfiovihg end system where the PPP protocol terminates in the home IWF (typ'cally 
located in a mobile switching center of the home network) which relays message to and from an IP router. In FIG. 27, 
note how message traffic passes through a serving IWF (typically collocated with the wireless hub) in addition to the 
home IWF FIG 28 depicts protocol stacks used for remote intranet access (I.e., either pnvate corporate nets or an 
ISP) by a roaming but fixed (i.e.. non-moving) or a moving end system where a PPP protocol message is relayed 
through the home IWF (typically located in a mobile switching center of the home network) to a PPP sen/er of the 
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registered with the controlling authority. ^ j„ ^^^1 
illustrated in Table 4 below. 



Primitive 
Name 



Destination 
Address 



Source 
Address 



Ethernet 
Type 



XWD MAC 
Primitive 



M^Discover.Req 



Broadcast or unicast MAC 
Providider 



MAC User 



XWD_Contro! 



M.Discover.Cnf 
M_Opensap.Req 



MAC User 
MAC Provider 



MAC Provider 
MAC User 



XWD_Contrpl 
XWD Control 



M_OpenSap.Cnf 
M_CloseSap.Req 



MAC User 
MAC Provider 



MAC Provider 
MAC User 



XWD_Control 
XWD_Control 



M_CloseSap.Cnf 
M_EchoSap.Req 



MAC User 
MAG User 



MAC Provider 
MAC Provider 



XWD_Control 
XWD_Control 



5 
6 



M_EchoSap.Cnf 



MAC Provider 



MAC User 



XWD_Control 



M_Connect.Req 



0 



s 



MAC Provider (modem 
only) 



MAC User (end system 
only) 



XWD_Conlrol 



M_Connect Ind 



MAC User (wireless hub 
only) 



MAC Provider (AP only) 



XWD.Control 
XWD_Control 



M_Connect.Rsp 



MAC Provider (AP only) 



MAC User (wireless hub 
only) 



M_Connect.Cnf 



MAC User (end system 
only) 



MAC Provider (modem 
only) 



XWD_Control 



M_Disconect.Req 



MAC Provider 



MAC User 



XWD_Controi 



11 
12 



the PPP protocol information via the wireless modem 352. The router 354 receives me in.o 
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[0182) Four wesol hanaon scwarmraa, occur, f^'^^;^ i ft« w^nli a ,»».op«2a«on optter, 
Uiny, and (i.) glotal mcWIlt,. In a. tour «emr,o, (« "T,^^^^^^^ i> not change. In 
not con*Jored » ll«t the nation. ol ••^^"T,^'L^Z«2Zmge. Ho...». thl. asp,«t 



0 



;5 



does not Change. The wireless hub recogn.zes the end sys em s '«9J^*^7 ^^^^^^^^^ 

need to delete the entry. L,^„^^ff h«nr!ipc; pnd svstem (desiqnated MN for mobile node) 

r4'rn^h"S.«r*iTt.rrs^^^ 

L build Xrunnel Request message to request he ^'^'^ '"^'^^ *° ^^^^^^^ ,o tear down the existing 

no change ol IWF. either the serving IWF or home IWF. registration 

rn.=:r.:s;Lrrrr:j^:rjL^r=^^^^ 

forwarded to the end system. urirc^ieeiQ hub When the old wireless hub receives 

[0190] Theregistralionsen/ersendsarelease^rnessag^^^^^^^ 

to the new wireless hub to the registration server ^ ^^^j^^ 

[0192] Theregistrationserverrecognizesthatitisaforeignregistrationse^^ 
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to the present registration server's network, "mis foreign registration sender determines the '^'^^^^^'^^^^j;^'^^^ 
rattan' erver by using a request, preferably a Radius Access request (RA request), to the forergn directoj server (IHce 
Syellow pages) and then assigns an appropriate IWF to be the serving IWF. and .t forwards a f ^^^^^^^ 
to the home regist/atipn server, preferably through a Radius Access request (BA request). .nform.ng the home regis- 
s tration sen/er of the newly selected IWF. . =. naHiii<4 

0193] The home registration server authenticates the registration request by using a request, preferably a^d us 
/irLequest (RA request), to the home directory sender. Upon authenticating the request and determine 

SwF can still be used, the home registration server instructs the home IWF to bu.ld a new l-XTunnel to 
rSy^SiS^ed'en/Ing IWF and to tear do^ the existing l-XTunnel to the old serving IWF. Upon rece.v^g a 
,0 J^iSi^d I XTunnel reply and a positive tear l-XTunnel reply from the home IWF. the home reg.strat.on server 
cipnds a reaistration reply to the foreign registration server. . , ^« 

pTS] The foreign registration server then instructs the new^ assigned IWF to build an XTunneHo the "ow^w^eless 
hulTion receMng a posit«,e build XT unnel reply, the foreign registration sen/er instructs the old IWF to tea *.wn 
the XTunnel to the old wireless hub. Upon receiving a positive build XTunnel reply and a posrtwe tear XTunnel reply. 
«5 the foreign registration server sends a registration reply to end system. v,,Kio.,r^=.tort 
0195] Astt?eregislrationreplyreaches.thenewwirelesshub.theconnectiontableattheneww.relesshub^ 

to reflect the connection to the new AP. The new AP updates its MAC filter address tab e and connejton table after 
receiving a message from the new wireless hub. and the registration reply is tonwarded to the end system. 
S -meregiltionserversendsareleasemessagetotheoldwete^^ 

Ihe release message, it updates its connection table and the MAC filter address table and the old AP updates its MAC 
filter address table and connection table after receiving a message from the old wireless hub. _ 
S The global mobility handoff case handles movement between wireless hubs ^^^'^^^^^^'J.^^^!;; '^J^^ 
{ration sen/ers FIG 36 depicts a global mobilrty handoff where the home IWF does not change, and FIG. 37 depots 
n 1 mi Sndoff wSere the home IWF changes. When an advertisement is receK^ed from a new wireless^hub 
MhanewAP)inanewforelgn network, the end systemsendsamessagetorequestane^worklay^ 
to Zewreign registration seL. The regist^tion request Is relayed from the new AP to the new wireless hub to 

belongtothepresentregistratlonsen/er'snetwork.Thistoreignregistrattonserverdeterrnine^ . 
30 regStionserverbyus^garequest,preferablyaRadiusAccessrequest(RArequest),tot^ 

Za b g yellow pages) and then assigns an appropriate IWF to be the serving IWF, and « forwards the registr^l^ 
rSest toL horSe registration server, preferabV through a Radius Access request (RA request), informing the home 
registration server of the newly selected IWF. „„.orahi» a Radius 

[0199] The home registratton server authentfcates the registration request by using a request^ preferably a^us 
S rJJuest (RA revest), to the home directory sender. Upon authentfeating the ^-^-^^ J^^^^^^^^^^^^ 
existing home IWF can still be used (FIG. 36). the home registration sender instructs the home IWF ^ ''"''^^^ 1 
SnLo the serving IWF new^ assigned by the new fpreign registration ser^^ 

sends a de-registration message to the old foreign registration server and instructs the home '^FJ'^Jea; ^om^^^^^ 
existing l-XTunnel to the exis«ng serving IWF of the old foreign network. Upon rece,v«ig a P^^'^^/ ^"^J^^^^^ 
reply and a positive tear l-XTunnel rep^ from the home IWF. the home registration server sends a registration reply to 

"^I^XZi:;^ se.er then instructs the n.w, assigned IWF to build an XTunnel to the new 
Sess hub Upon receiving a positive build XTunnel reply, the foreign registration server sends a registration repj^ 
to e^%lm the registratioVrep^ reaches the new wireless hub. the connection table at the new wireless hub 
SupS to reflect the Lnection toL new AP. The new AP updates its MAC filter f ^^-^ »f -^^"^^^ 
able after receiving a message from the new wireless hub. and the registration reply is forwarded to he end system. 
SSlf ^e oW foreign registration server instructs the old IWF to tear down the XTunnel to the oW^^ ^j^^^ 
UponeceivlngapositLteixrunnelreplyorcontemporanedus^withtheteardo^ 
registration server sends a .release message to the old wireless hub. When the 
SO message, it updates its connection table and the MAC filter address table, and the old AP updates its MAC filter address 
table and connectbn table after receiving a message from the old wireless hub. 

[0202] Alternatively, after the home registration server authenticates the registration request from t^-^ new fo^.gn 
Sst ation server and determines that the existing home IWF cannot be used (FIG- 37) ^^^'^^^^^Z) 
chooses a new home IWF and instructs the new home IWF to build a new level 2 tunnelprptocol tunnel 
ss to the present PPP sender (e.g.. the PPP sen/er in a connected ISP bitranet). TTien. the home reg^trat.on sender 
instnjcts the old home IWF to transfer its VllP tunnel traffic to the new home |WR 

ra203] Then the home registration server instructs the new home IWF to build a new l-XTunnel to the sen/mg IW 
newV assigned by the new.Leign registratton server. The hom^ 
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25 



30 



3S 



saqe to the oldforeign registration serverand instructs the homelWFtotear down th^ 

se^brrWpTthe old foreign networl. Upon receiving a positK^e build 1-XTunnel reph^ and a P^^^^^ .^"""^^^^ 
epTt om ^ehorne IWf. thlhome registration server sends a ^^^^^'^^ '^^^'^'^^^^^ 
M041 The new foreign registration server then instructs the newly assigned IWF to build an ^"""tnSirreDh^ 

JnonrecI^tigapositLtearJaunnelreplyprconiernpora 

S pBoosS IETF MobWP ml ml warns coostraa.d aocortng to Ih, |m(.os«d eXF Mob.WP 

[0207] Differences between the present system and the IETF Mobile-IK (H^o<iuu<i. 

fil The oresent systemists a hierarchical concept tor mobility nranagement rather than a flat structure as In the 
So^c^SSriPstandard. small mobilitywithinasmallareadoes not result in 

SrrS^liinvoLssett^ 

minimum. inJoives setthg up of a new l-XTunnel and tearing down of an ^'l'^''^^ 'j^^^^^^ 

upAearingdown of >aunneI.Global mobility sometimesalsoinvotvessettingupanewLZTPTunnel and transierring 

of L2TF* state from the existing l^TP Tunnel to the new L2TP Tunnel. 

(ii) in the present invention, a user name plus a realm is used to identify a remote dial-up user rather than a fixed 
home address as in the case of the proposed IETF Mobile-IP standard. 

foreign IWF and the wireless hub (also referred to as the access hub). 

frSSVpPP^erver. The number of these tun^^ 
40 nodes as described earlier. 

(V) in the present invention, wireless registration occurs before PPP session starts whHe in the proposed IETF 
Mobile-IP standard. Mobile-lP registration occurs after PPP session enters into the open state. 

2iT^::^r^^'sr.::^^:^^=i^^~ 

IETF Mobile-IP standard. 

102081 End systems in the present invention, should support agent solicitation. When an end systern in the present 
S vfsS' a'ne,::::rk w.ic'h is supporting the proposed IETF Mpbi.e.P T^^^SZ Z^^ 

advertisement. If it does not receive an agent advertisement wrthin a reasonable time frame, it broadcasts agent 
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SO 



55 



SSrrnthepresentinvention.networKoperatorsmay^^^^^^^^^ 

Mobile-IP stan^Lrd such that home addresses can be assigned to the end systems f ^ P^f^^/^^J^^ 

use other networks. When the end system of the present system receives ^S^"' ^•^'fj^^^^^^^^^ 

that the network it is visiting is not an a network according to the present system and hence uses the assigned nom 
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address to register. 

[0210] For networks supporting the proposed IETF Mobile-IP standard, the PPP session starts before Mobile-IP 
registration, and the PPP server is assumed to be collocated with the foreign agent in such networks. In one embod- 
iment, an SNAP header is used to encapsulate PPP frames in the MAC frames of the present system(in a manner 

s similar to Ethernet format), and the foreign agent interprets this format as a proprietary PPP format over Ethernet 
encapsulation. Thus, the end system of the present system and its PPP peer can enter into an open state before the 
foreign agent starts transmitting an agent advertisement, and the end system of the present system can register. 
[0211] To allow end systems supporting the proposed IETF Mobile-IP standard to work in networks of the type of the 
present invention, such mobiles are at least capable of performing similar MAC layer registrations. By making the agent 

10 advertisement message format similar to the proposed Mobile-I P standard agent advertisement message format, a 
visiting end system can interpret the agent advertisement and register with a wireless hub. In the present invention, 
registration request and reply messages are similar to the proposed IETF Mobile-IP standard registration request and 
reply messages (without any unnecessairy extensions) so that the rest of the mobility management features of the 
present system are transparent to the visiting end systems. 

IS [0212] Since end systems supporting the proposed IETF Mobile-IP standard expect a PPP session to start before 
Mobile-IP registration, an optional feature in wireless hubs of the present system starts to interpret PPP LCR NCP 
packets after MAC-layer registrations. 

[0213] To avoid losing traffic during handoffs. the mobility management of the present systemists the make before 
break concept For local mobility, a make before break connection is achieved by turning the MAC-layer registration 

20 message relayed by the new AP to the wireless hub into a broadcast message. That way, the old AP can hear about 
the new registration and forward packets destined for the end system that have hot been transmitted to the new AP 
[0214] For micro mobility, information about the new wireless hub is included in the Tear XTunnel message exchanged 
between the serving IWF and the old WH. That way, the old wireless hub can forward buffered packets to the new 
wireless hub upon hearing a TearXTunnel message from the sending IWF Alternatively, the RLP layer at the IWF knows 

25 the sequence number that has been acknowledged by the old wireless hub so far. 

[0215] At the same time, the IWF knows the current send sequence number of the latest packet sent to the old 
wireless hub Therefore, the IWF can fonward those packets that are ordered in between these two numbers to the new 
wireless hub before sending newer packets to the new wireless hub. The RLP layer is assumed to be able to filter 
duplicate packet. The second approach is probably preferable to the first approach for the old wireless hub may not 

50 be. able to communicate with one another directly. 

[0216] For macro mobility, the old serving IWF can forward packets to the hew serving IWF, in addition to the packet 
forwarding done from the ote) wireless hub to this new wireless. AN we need to do is to forward the new serving IWF 
identity to the new sen/ing IWF in the tear down l-XTunnel message. Another way to achieve the same result is to let 
the home IWF fonward the missing packets to the new serving IWF rather than asking the old serving IWF to cto the 

35 job since the home IWF knows the l-XTunnel sequence number last acknowledged by the old serving IWF.and the 
current l-XTunnel sequence number sent by the home IWF 

[0217] The method of estimating how much buffer should be allocated per mobile per AP per wireless hub per IWF 
such that the traffic loss between handoffs can be minimized is to let the end system for the AP for the wireless hub 
for the IWF estimate the packet arrival rate and the handoff time. This information is passed to the old AP of the wireless 
40 hub of the IWF to determine how much traffic should be transferred to the new AP of the wireless hub of the IWF, 
respectively, upon handoffs. 

[021 8] To achieve route optimization in the present invention, the end system chooses the PPP server closest to the 
serving IWF Without route optimization, excessive transport delays and physical line usage may be experienced. 
[0219] For example, an end system subscribed to a home network iri New York City may roam to Hong Kong. To 
45 establish a link to a Hong Kong ISP. the end system would have a serving IWF established in a wireless hub in Hong 
Kong and a home IWF established in the home network in New York City. A message would then be routed from the 
end system (roamed to Hong Kong) through the serving IWF (in Hong Kong) and through the home IWF (in New York 
City) and back to the Hong Kong ISP 

[0220] A preferred approach is to connect from the serving IWF (in Hong Kong) directly to the Hong Kong ISP The 
50 serving IWF acts like the home IWF. In this embodiment, roaming agreements exist between the home and foreign 
wireless providers. In addition, the various accounting/billing systems communicate with one another automatically 
such that billing information is shared. Accounting and billing information exchange may be implemented using stand- 
ards such as the standard proposed by the ROAMOPS working group of the IETF 

[0221] However, the sen/ing IWF must still discover the closest PPP server (e.g.. the Hong KpngISP). In the present 
55 embodiment, the foreign registration server learns of the end system's desire to connect to a PPP server (e.g.. a Hong 
Kong ISP) when it receives a registration request from the end system. When the foreign registration server determines 
that the serving IWF is closer to the desired PPP server (e.g.. the Hong Kong ISP) than the home IWF is. the foreign 
registration server instructs the sen/ing IWF to establish an L2TP tunnel to its nearest PPP server (in contrast to the 
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PPP server closest to the home registration server and home i WF). Then, the foreign registration server infomis the 
home registration server that the end system is being sen/ed by the serving IWF and the foreign PPR 
[0222] In an alternative embodiment, the foreign registration sen/er determines that the serving IWF is closer to the 
desired PPP server (e.g., the Hong Kong ISP) than the home IWF is, when it receives a registration request from the 
5 end system. The foreign registration server relays the registration request message to the home registration server 
with an attached message indicating the serving IWF information and a notification that route optimization is preferred. 
At the same time, the foreign registration server instructs the sen/ing IWF to establish an L2TP tunnel to the PPP 
sen/er. Upon approving the registration request, the home registration server instructs the home IWF to transfer the 
L2TP state to the foreign IWF. 

10 [0223] Having described preferred embodiments of a novel network architecture with wireless end users able to 
roam (which are intended to be illustrative and not limiting), it is noted that modifications and variations can be made 
by persons skilled in the art in light of the above teachings. For example, connection links described herein may make 
reference to known connection protocols (e.g. JP. TCP/IP, L2TP, IEEE 802.3. etc.); however, the system contismplates 
other connection protocols in the connections links that provide the same or similar data delivery capabilities. Acting 

75 agents in the above described embodiments may be in the form of software controlled processors or may be other 
form of controls (e.g., programmable logicarrays/etc). Acting agents may be grouped as described above or grouped 
othenrtfise in keeping with the connection teachings described herein and subject to security and authentication teach- 
ings as described herein. Furthemnpre. a single access point, access hub (i.e.. wireless hub) or inter-working function 
unit (IWF unit) may provide multi-channel capability. Thus, a single access point or access hub or IWF unit may act on 

20 traffic from multiple end systems, and what is described herein as separate access points, access hubs or IWF units 
contemplates equivalence with a single multichannel access point, access hub or IWF unit. It is therefore to be under- 
stood that changes may be made in the particular embodiments of the system disclosed which are within the scope 
and spirit of the systems defined by the appended claims. 

[0224] Having thus described the system with the details and particu lar ity required by the patent laws, what is claimed 
25 and desired protected by Letters Patent is set forth in the appended claims. 



Claims 

30 1, A coupled data network comprising: 

a foreign network that includes a foreign base station with a foreign access hub. the foreign access hub in- 
cluding a first sen/ing inter-working function; 
a home network with a first home Inter-working function; and 
35 a first mobile end system subscribed to the home network and operating within the foreign network, a first 

message being transportable between the first mobile end system and a first communications sen/er through 
the first home inter-working function and through the first sen/ing inter-working function of the foreign access 
hub in the foreign base station. 

40 2. The network of claim 1 , wherein the first message is transportable from the first mobile end system through the 
first home inter-working function to the first communications server 

3. The network of claim 1 , wherein the first mobile end system includes a wireless modem coupleable to the foreign 
access hub. 

45 

4. A data network coupled to a foreign network that includes a foreign base station with a foreign access hub, the 
foreign access hub including a first sen/ing inter-working function, the wireless data network comprising: a home 
network with a first home inter-working function; and a first mobile end system subscribed to the home network 
and operating within the foreign network, a first message being transportable between the first mobile end system 

so and a first communications sender through the first home inter-working function and through the first sending inter- 

working function of the foreign access hub in the foreign base station. 

5. The network of claim 4. wherein the first message is transportable from the first mobile end system through the 
first home inter-working function to the first communicatbns sen/er 

55 

6. The networi< of claim 4, wherein the home network includes a home mobile switching center, the first home inter- 
wbrking function being included in the home mobile switching center 
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7. A mobile end system for use in a data network coupled lo a foreign network, that Includes a foreign base station 
with a foreign access hub. the foreign access hub including a first serving inter-working function, and a home 
network with a first home inter-working function, comprising: 

5 means for connecting the mobile end system to said foreign network, and 

said first mobile end system subscribed to the home network and operating within the foreign network, a first 
message being transportable between the first mobile end system and a first communicatbns sen/er through 
the first home inter-working function and through the first serving inter-working function of the foreign access 
hub in the foreign base station. 

10 

8. A mobile end system according to claim 7, wherein said mobile end system is connected to said foreign network 
by a modem. 

9. A mobile end system according to claim 7. wherein said mobile end system is (connected to said foreign network 
15 by a wireless modem. 

10. A home network for use in a data network coupled to a foreign network, that includes a foreign base station with 
a foreign access hub, the foreign access hub including a first serving inter-working function, and mobile end system 
subscribed to the home network and operating within the foreign network, comprising; 

20 

a home switching center, 

a first home inter-working function being included in said home mobile switching center; and 
wherein a first message is transported between the first mobile end system and a first communications sen/er 
through the first home inter-working function and through the first serving inter-working function of the foreign 
25 access hub in the foreign base station. 

11. The network of claim 10, wherein the first home inter-working function includes a home accounting collection 
* module to collect accounting data on message traffic transported through the first home inter-working function. 



30 12. the network of claim 1 1 . wherein: 

the home network further Includes a home mobile switchingcenter that includes a home accounting server; and 
the home accounting collection module includes a sub-module to periodically send accounting reports to a 
home accounting server. 

35 

13. the network of claim 12, wherein: 



the home network further includes a home billing processor; and 

the home accounting server includes a module to send accounting reports to the home billing processor, 
home billing processor including a module to prepare customer bills based on the accounting reports from 
home accounting server 
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